From e8b0774392cda8850469e4628b9d1e068109e79a Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 7 Dec 2016 10:01:30 +0000 Subject: [PATCH] Add SNI with DTLS tests to ssl-opt.sh script --- tests/ssl-opt.sh | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9fde54a6b..a3bf67729 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2646,6 +2646,54 @@ run_test "SNI: CA override with CRL" \ -S "! The certificate is not correctly signed by the trusted CA" \ -s "The certificate has been revoked (is on a CRL)" +# Tests for SNI and DTLS + +run_test "SNI/DTLS: matching cert 1" \ + "$P_SRV debug_level=3 dtls=1 \ + crt_file=data_files/server5.crt key_file=data_files/server5.key \ + sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ + "$P_CLI server_name=localhost dtls=1" \ + 0 \ + -s "parse ServerName extension" \ + -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ + -c "subject name *: C=NL, O=PolarSSL, CN=localhost" + +run_test "SNI/DTLS: CA override" \ + "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ + crt_file=data_files/server5.crt key_file=data_files/server5.key \ + ca_file=data_files/test-ca.crt \ + sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \ + "$P_CLI debug_level=3 server_name=localhost dtls=1 \ + crt_file=data_files/server6.crt key_file=data_files/server6.key" \ + 0 \ + -S "skip write certificate request" \ + -C "skip parse certificate request" \ + -c "got a certificate request" \ + -C "skip write certificate" \ + -C "skip write certificate verify" \ + -S "skip parse certificate verify" \ + -S "x509_verify_cert() returned" \ + -S "! The certificate is not correctly signed by the trusted CA" \ + -S "The certificate has been revoked (is on a CRL)" + +run_test "SNI/DTLS: CA override with CRL" \ + "$P_SRV debug_level=3 auth_mode=optional \ + crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \ + ca_file=data_files/test-ca.crt \ + sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \ + "$P_CLI debug_level=3 server_name=localhost dtls=1 \ + crt_file=data_files/server6.crt key_file=data_files/server6.key" \ + 1 \ + -S "skip write certificate request" \ + -C "skip parse certificate request" \ + -c "got a certificate request" \ + -C "skip write certificate" \ + -C "skip write certificate verify" \ + -S "skip parse certificate verify" \ + -s "x509_verify_cert() returned" \ + -S "! The certificate is not correctly signed by the trusted CA" \ + -s "The certificate has been revoked (is on a CRL)" + # Tests for non-blocking I/O: exercise a variety of handshake flows run_test "Non-blocking I/O: basic handshake" \