xref: /freebsd/crypto/openssl/test/ssl-tests/05-sni.cnf.in (revision f73124b077d867990cbcb4d903b48be2ca55e4ca)
1# -*- mode: perl; -*-
2# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10## SSL test configurations
11
12use strict;
13use warnings;
14
15package ssltests;
16use OpenSSL::Test::Utils;
17
# Declared here but never assigned in this file; presumably set by whatever
# loads this configuration - confirm against the test generator.
our $fips_mode;

# SNI (server_name extension) handshake scenarios.  Each entry pairs a server
# ServerNameCallback policy with the name the client sends (if any) and the
# outcome the harness must observe.
# NOTE(review): "server1" looks like the default server context and "server2"
# the alternate one - confirm against the harness before relying on it.
our @tests = (
    # Client asks for server2; the expected server name is server2.
    {
        name   => 'SNI-switch-context',
        server => {
            extra => { ServerNameCallback => 'IgnoreMismatch' },
        },
        client => {
            extra => { ServerName => 'server2' },
        },
        test => {
            ExpectedServerName => 'server2',
            ExpectedResult     => 'Success',
        },
    },

    # Client asks for server1; the expected server name stays server1.
    {
        name   => 'SNI-keep-context',
        server => {
            extra => { ServerNameCallback => 'IgnoreMismatch' },
        },
        client => {
            extra => { ServerName => 'server1' },
        },
        test => {
            ExpectedServerName => 'server1',
            ExpectedResult     => 'Success',
        },
    },

    # Server configures no callback at all: a client that sends SNI must
    # still complete the handshake.
    {
        name   => 'SNI-no-server-support',
        server => {},
        client => {
            extra => { ServerName => 'server1' },
        },
        test => { ExpectedResult => 'Success' },
    },

    # Client sends no server name.
    {
        name   => 'SNI-no-client-support',
        server => {
            extra => { ServerNameCallback => 'IgnoreMismatch' },
        },
        client => {},
        test   => {
            # We expect that the callback is still called
            # to let the application decide whether they tolerate
            # missing SNI (as our test callback does).
            ExpectedServerName => 'server1',
            ExpectedResult     => 'Success',
        },
    },

    # Unknown name with the tolerant policy: the handshake succeeds and the
    # expected server name is server1, so the mismatch is not an error here.
    {
        name   => 'SNI-bad-sni-ignore-mismatch',
        server => {
            extra => { ServerNameCallback => 'IgnoreMismatch' },
        },
        client => {
            extra => { ServerName => 'invalid' },
        },
        test => {
            ExpectedServerName => 'server1',
            ExpectedResult     => 'Success',
        },
    },

    # Unknown name with the strict policy: the server must fail the
    # handshake and send an UnrecognizedName alert.
    {
        name   => 'SNI-bad-sni-reject-mismatch',
        server => {
            extra => { ServerNameCallback => 'RejectMismatch' },
        },
        client => {
            extra => { ServerName => 'invalid' },
        },
        test => {
            ExpectedResult      => 'ServerFail',
            ExpectedServerAlert => 'UnrecognizedName',
        },
    },

    # The same tolerant and strict cases again, using the ClientHello*
    # callback variants.
    # NOTE(review): presumably these run the policy from the ClientHello
    # callback rather than the servername callback - confirm.
    {
        name   => 'SNI-bad-clienthello-sni-ignore-mismatch',
        server => {
            extra => { ServerNameCallback => 'ClientHelloIgnoreMismatch' },
        },
        client => {
            extra => { ServerName => 'invalid' },
        },
        test => {
            ExpectedServerName => 'server1',
            ExpectedResult     => 'Success',
        },
    },
    {
        name   => 'SNI-bad-clienthello-sni-reject-mismatch',
        server => {
            extra => { ServerNameCallback => 'ClientHelloRejectMismatch' },
        },
        client => {
            extra => { ServerName => 'invalid' },
        },
        test => {
            ExpectedResult      => 'ServerFail',
            ExpectedServerAlert => 'UnrecognizedName',
        },
    },
);
150
# Scenario that must finish on TLSv1.1 with server name server2.
# NOTE(review): the callback name suggests TLS 1.2 is switched off from the
# ClientHello callback - confirm in the harness.
our @tests_tls_1_1 = (
    {
        name   => 'SNI-clienthello-disable-v12',
        server => {
            # Both peers drop to security level 0.
            # NOTE(review): presumably needed so TLSv1.1 can be negotiated at
            # all under the default security level - confirm.  This is a
            # test-only setting.
            CipherString => 'DEFAULT:@SECLEVEL=0',
            extra        => { ServerNameCallback => 'ClientHelloNoV12' },
        },
        client => {
            CipherString => 'DEFAULT:@SECLEVEL=0',
            extra        => { ServerName => 'server2' },
        },
        # No ExpectedResult is given here; only the negotiated protocol and
        # the server name are pinned.
        test => {
            ExpectedProtocol   => 'TLSv1.1',
            ExpectedServerName => 'server2',
        },
    },
);
172
# The TLSv1.1 scenarios are added only when TLS 1.1 is compiled in and the
# run is not in FIPS mode.
if (!disabled("tls1_1") && !$fips_mode) {
    push @tests, @tests_tls_1_1;
}
174