# -*- mode: perl; -*-
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


## SSL test configurations
##
## Table of Server Name Indication (SNI) handshake cases.  Each entry is a
## hash with a test name, the server and client settings, and the outcome
## the test expects.  The cases cover a matching name, a missing name on
## either side, and an unrecognised name handled by both a tolerant and a
## strict server-name callback.

use strict;
use warnings;

package ssltests;
use OpenSSL::Test::Utils;

# Declared here and only read at the bottom of this file; presumably set by
# the harness that loads this configuration -- confirm against the caller.
our $fips_mode;

our @tests = (
    # Client asks for "server2"; the test expects server2 to be the server
    # name in effect after the handshake.
    {
        name => "SNI-switch-context",
        server => {
            extra => {
                "ServerNameCallback" => "IgnoreMismatch",
            },
        },
        client => {
            extra => {
                "ServerName" => "server2",
            },
        },
        test => {
            "ExpectedServerName" => "server2",
            "ExpectedResult" => "Success"
        },
    },
    # Client asks for "server1"; the test expects server1 to stay in effect.
    {
        name => "SNI-keep-context",
        server => {
            extra => {
                "ServerNameCallback" => "IgnoreMismatch",
            },
        },
        client => {
            extra => {
                "ServerName" => "server1",
            },
        },
        test => {
            "ExpectedServerName" => "server1",
            "ExpectedResult" => "Success"
        },
    },
    # Server configures no ServerNameCallback.  The client still sends a
    # name and the handshake is expected to succeed; no ExpectedServerName
    # is asserted for this case.
    {
        name => "SNI-no-server-support",
        server => { },
        client => {
            extra => {
                "ServerName" => "server1",
            },
        },
        test => { "ExpectedResult" => "Success" },
    },
    # Client sends no ServerName at all.
    {
        name => "SNI-no-client-support",
        server => {
            extra => {
                "ServerNameCallback" => "IgnoreMismatch",
            },
        },
        client => { },
        test => {
            # We expect that the callback is still called
            # to let the application decide whether they tolerate
            # missing SNI (as our test callback does).
            "ExpectedServerName" => "server1",
            "ExpectedResult" => "Success"
        },
    },
    # Tolerant policy: the client sends the name "invalid" and the handshake
    # is still expected to succeed, with server1 as the expected server
    # name.  A server that must not answer for unknown names needs the
    # rejecting behaviour exercised by the next case.
    {
        name => "SNI-bad-sni-ignore-mismatch",
        server => {
            extra => {
                "ServerNameCallback" => "IgnoreMismatch",
            },
        },
        client => {
            extra => {
                "ServerName" => "invalid",
            },
        },
        test => {
            "ExpectedServerName" => "server1",
            "ExpectedResult" => "Success"
        },
    },
    # Strict policy: the same name "invalid" must end the handshake on the
    # server side with an UnrecognizedName alert.
    {
        name => "SNI-bad-sni-reject-mismatch",
        server => {
            extra => {
                "ServerNameCallback" => "RejectMismatch",
            },
        },
        client => {
            extra => {
                "ServerName" => "invalid",
            },
        },
        test => {
            "ExpectedResult" => "ServerFail",
            "ExpectedServerAlert" => "UnrecognizedName"
        },
    },
    # Same tolerant expectation as SNI-bad-sni-ignore-mismatch, with the
    # ClientHelloIgnoreMismatch callback.  NOTE(review): presumably this
    # applies the policy from the ClientHello callback instead of the
    # server-name callback -- confirm against the test harness.
    {
        name => "SNI-bad-clienthello-sni-ignore-mismatch",
        server => {
            extra => {
                "ServerNameCallback" => "ClientHelloIgnoreMismatch",
            },
        },
        client => {
            extra => {
                "ServerName" => "invalid",
            },
        },
        test => {
            "ExpectedServerName" => "server1",
            "ExpectedResult" => "Success"
        },
    },
    # Same strict expectation as SNI-bad-sni-reject-mismatch, with the
    # ClientHelloRejectMismatch callback: ServerFail plus an
    # UnrecognizedName alert.
    {
        name => "SNI-bad-clienthello-sni-reject-mismatch",
        server => {
            extra => {
                "ServerNameCallback" => "ClientHelloRejectMismatch",
            },
        },
        client => {
            extra => {
                "ServerName" => "invalid",
            },
        },
        test => {
            "ExpectedResult" => "ServerFail",
            "ExpectedServerAlert" => "UnrecognizedName"
        },
    },
);

# Cases that need TLS 1.1; kept in a separate list so they can be left out
# of @tests (see the push below).
our @tests_tls_1_1 = (
    # The ClientHelloNoV12 callback is used and the test expects TLSv1.1 to
    # be the negotiated protocol with server2 as the server name.  No
    # "ExpectedResult" key is given for this case.
    #
    # Both peers set the cipher string to DEFAULT at security level 0.
    # NOTE(review): presumably required because the default security level
    # does not accept a TLSv1.1 handshake -- confirm.  This is a test-only
    # setting; level 0 also admits other weak parameters.
    {
        name => "SNI-clienthello-disable-v12",
        server => {
            "CipherString" => "DEFAULT:\@SECLEVEL=0",
            extra => {
                "ServerNameCallback" => "ClientHelloNoV12",
            },
        },
        client => {
            "CipherString" => "DEFAULT:\@SECLEVEL=0",
            extra => {
                "ServerName" => "server2",
            },
        },
        test => {
            "ExpectedProtocol" => "TLSv1.1",
            "ExpectedServerName" => "server2",
        },
    },
);

# Append the TLS 1.1 cases only when disabled("tls1_1") is false and
# $fips_mode is false.
push @tests, @tests_tls_1_1 unless disabled("tls1_1") || $fips_mode;