mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 17:55:42 +01:00
Add tests for SNI
This commit is contained in:
parent
0d8780b2cd
commit
96ea2f2557
@ -367,6 +367,8 @@ static int ssl_parse_servername_ext( ssl_context *ssl,
|
||||
size_t servername_list_size, hostname_len;
|
||||
const unsigned char *p;
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
|
||||
|
||||
servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
|
||||
if( servername_list_size + 2 != len )
|
||||
{
|
||||
@ -389,6 +391,7 @@ static int ssl_parse_servername_ext( ssl_context *ssl,
|
||||
ret = ssl_sni_wrapper( ssl, p + 3, hostname_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret );
|
||||
ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
|
||||
SSL_ALERT_MSG_UNRECOGNIZED_NAME );
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
|
@ -48,10 +48,10 @@ run_test() {
|
||||
shift
|
||||
|
||||
# run the commands
|
||||
$SRV_CMD $1 > srv_out &
|
||||
$SHELL -c "$SRV_CMD $1" > srv_out &
|
||||
SRV_PID=$!
|
||||
sleep 1
|
||||
$CLI_CMD $2 > cli_out
|
||||
$SHELL -c "$CLI_CMD $2" > cli_out
|
||||
CLI_EXIT=$?
|
||||
echo SERVERQUIT | openssl s_client -no_ticket \
|
||||
-cert data_files/cli2.crt -key data_files/cli2.key \
|
||||
@ -461,6 +461,53 @@ run_test "Authentication #6 (client badcert, server none)" \
|
||||
-C "! ssl_handshake returned" \
|
||||
-S "X509 - Certificate verification failed"
|
||||
|
||||
# tests for SNI
|
||||
|
||||
run_test "SNI #0 (no SNI callback)" \
|
||||
"debug_level=4 server_addr=127.0.0.1 \
|
||||
crt_file=data_files/server5.crt key_file=data_files/server5.key" \
|
||||
"debug_level=0 server_addr=127.0.0.1 \
|
||||
server_name=localhost" \
|
||||
0 \
|
||||
-S "parse ServerName extension" \
|
||||
-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
|
||||
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
|
||||
|
||||
run_test "SNI #1 (matching cert 1)" \
|
||||
"debug_level=4 server_addr=127.0.0.1 \
|
||||
crt_file=data_files/server5.crt key_file=data_files/server5.key \
|
||||
sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
|
||||
"debug_level=0 server_addr=127.0.0.1 \
|
||||
server_name=localhost" \
|
||||
0 \
|
||||
-s "parse ServerName extension" \
|
||||
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
|
||||
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
|
||||
|
||||
run_test "SNI #2 (matching cert 2)" \
|
||||
"debug_level=4 server_addr=127.0.0.1 \
|
||||
crt_file=data_files/server5.crt key_file=data_files/server5.key \
|
||||
sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
|
||||
"debug_level=0 server_addr=127.0.0.1 \
|
||||
server_name='PolarSSL Server 1'" \
|
||||
0 \
|
||||
-s "parse ServerName extension" \
|
||||
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
|
||||
-c "subject name *: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
|
||||
|
||||
run_test "SNI #3 (no matching cert)" \
|
||||
"debug_level=4 server_addr=127.0.0.1 \
|
||||
crt_file=data_files/server5.crt key_file=data_files/server5.key \
|
||||
sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
|
||||
"debug_level=0 server_addr=127.0.0.1 \
|
||||
server_name='PolarSSL Server 2'" \
|
||||
1 \
|
||||
-s "parse ServerName extension" \
|
||||
-s "ssl_sni_wrapper() returned" \
|
||||
-s "ssl_handshake returned" \
|
||||
-c "ssl_handshake returned" \
|
||||
-c "SSL - A fatal alert message was received from our peer"
|
||||
|
||||
# Final report
|
||||
|
||||
echo "------------------------------------------------------------------------"
|
||||
|
Loading…
Reference in New Issue
Block a user