xref: /freebsd/crypto/openssl/test/ssl-tests/05-sni.cnf (revision e1e636193db45630c7881246d25902e57c43d24e)
1# Generated with generate_ssl_tests.pl
2
3num_tests = 9
4
5test-0 = 0-SNI-switch-context
6test-1 = 1-SNI-keep-context
7test-2 = 2-SNI-no-server-support
8test-3 = 3-SNI-no-client-support
9test-4 = 4-SNI-bad-sni-ignore-mismatch
10test-5 = 5-SNI-bad-sni-reject-mismatch
11test-6 = 6-SNI-bad-clienthello-sni-ignore-mismatch
12test-7 = 7-SNI-bad-clienthello-sni-reject-mismatch
13test-8 = 8-SNI-clienthello-disable-v12
14# ===========================================================
15
16[0-SNI-switch-context]
17ssl_conf = 0-SNI-switch-context-ssl
18
19[0-SNI-switch-context-ssl]
20server = 0-SNI-switch-context-server
21client = 0-SNI-switch-context-client
22server2 = 0-SNI-switch-context-server
23
24[0-SNI-switch-context-server]
25Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
26CipherString = DEFAULT
27PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
28
29[0-SNI-switch-context-client]
30CipherString = DEFAULT
31VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
32VerifyMode = Peer
33
34[test-0]
35ExpectedResult = Success
36ExpectedServerName = server2
37server = 0-SNI-switch-context-server-extra
38server2 = 0-SNI-switch-context-server-extra
39client = 0-SNI-switch-context-client-extra
40
41[0-SNI-switch-context-server-extra]
42ServerNameCallback = IgnoreMismatch
43
44[0-SNI-switch-context-client-extra]
45ServerName = server2
46
47
48# ===========================================================
49
50[1-SNI-keep-context]
51ssl_conf = 1-SNI-keep-context-ssl
52
53[1-SNI-keep-context-ssl]
54server = 1-SNI-keep-context-server
55client = 1-SNI-keep-context-client
56server2 = 1-SNI-keep-context-server
57
58[1-SNI-keep-context-server]
59Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
60CipherString = DEFAULT
61PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
62
63[1-SNI-keep-context-client]
64CipherString = DEFAULT
65VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
66VerifyMode = Peer
67
68[test-1]
69ExpectedResult = Success
70ExpectedServerName = server1
71server = 1-SNI-keep-context-server-extra
72server2 = 1-SNI-keep-context-server-extra
73client = 1-SNI-keep-context-client-extra
74
75[1-SNI-keep-context-server-extra]
76ServerNameCallback = IgnoreMismatch
77
78[1-SNI-keep-context-client-extra]
79ServerName = server1
80
81
82# ===========================================================
83
84[2-SNI-no-server-support]
85ssl_conf = 2-SNI-no-server-support-ssl
86
87[2-SNI-no-server-support-ssl]
88server = 2-SNI-no-server-support-server
89client = 2-SNI-no-server-support-client
90
91[2-SNI-no-server-support-server]
92Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
93CipherString = DEFAULT
94PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
95
96[2-SNI-no-server-support-client]
97CipherString = DEFAULT
98VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
99VerifyMode = Peer
100
101[test-2]
102ExpectedResult = Success
103client = 2-SNI-no-server-support-client-extra
104
105[2-SNI-no-server-support-client-extra]
106ServerName = server1
107
108
109# ===========================================================
110
111[3-SNI-no-client-support]
112ssl_conf = 3-SNI-no-client-support-ssl
113
114[3-SNI-no-client-support-ssl]
115server = 3-SNI-no-client-support-server
116client = 3-SNI-no-client-support-client
117server2 = 3-SNI-no-client-support-server
118
119[3-SNI-no-client-support-server]
120Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
121CipherString = DEFAULT
122PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
123
124[3-SNI-no-client-support-client]
125CipherString = DEFAULT
126VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
127VerifyMode = Peer
128
129[test-3]
130ExpectedResult = Success
131ExpectedServerName = server1
132server = 3-SNI-no-client-support-server-extra
133server2 = 3-SNI-no-client-support-server-extra
134
135[3-SNI-no-client-support-server-extra]
136ServerNameCallback = IgnoreMismatch
137
138
139# ===========================================================
140
141[4-SNI-bad-sni-ignore-mismatch]
142ssl_conf = 4-SNI-bad-sni-ignore-mismatch-ssl
143
144[4-SNI-bad-sni-ignore-mismatch-ssl]
145server = 4-SNI-bad-sni-ignore-mismatch-server
146client = 4-SNI-bad-sni-ignore-mismatch-client
147server2 = 4-SNI-bad-sni-ignore-mismatch-server
148
149[4-SNI-bad-sni-ignore-mismatch-server]
150Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
151CipherString = DEFAULT
152PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
153
154[4-SNI-bad-sni-ignore-mismatch-client]
155CipherString = DEFAULT
156VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
157VerifyMode = Peer
158
159[test-4]
160ExpectedResult = Success
161ExpectedServerName = server1
162server = 4-SNI-bad-sni-ignore-mismatch-server-extra
163server2 = 4-SNI-bad-sni-ignore-mismatch-server-extra
164client = 4-SNI-bad-sni-ignore-mismatch-client-extra
165
166[4-SNI-bad-sni-ignore-mismatch-server-extra]
167ServerNameCallback = IgnoreMismatch
168
169[4-SNI-bad-sni-ignore-mismatch-client-extra]
170ServerName = invalid
171
172
173# ===========================================================
174
175[5-SNI-bad-sni-reject-mismatch]
176ssl_conf = 5-SNI-bad-sni-reject-mismatch-ssl
177
178[5-SNI-bad-sni-reject-mismatch-ssl]
179server = 5-SNI-bad-sni-reject-mismatch-server
180client = 5-SNI-bad-sni-reject-mismatch-client
181server2 = 5-SNI-bad-sni-reject-mismatch-server
182
183[5-SNI-bad-sni-reject-mismatch-server]
184Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
185CipherString = DEFAULT
186PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
187
188[5-SNI-bad-sni-reject-mismatch-client]
189CipherString = DEFAULT
190VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
191VerifyMode = Peer
192
193[test-5]
194ExpectedResult = ServerFail
195ExpectedServerAlert = UnrecognizedName
196server = 5-SNI-bad-sni-reject-mismatch-server-extra
197server2 = 5-SNI-bad-sni-reject-mismatch-server-extra
198client = 5-SNI-bad-sni-reject-mismatch-client-extra
199
200[5-SNI-bad-sni-reject-mismatch-server-extra]
201ServerNameCallback = RejectMismatch
202
203[5-SNI-bad-sni-reject-mismatch-client-extra]
204ServerName = invalid
205
206
207# ===========================================================
208
209[6-SNI-bad-clienthello-sni-ignore-mismatch]
210ssl_conf = 6-SNI-bad-clienthello-sni-ignore-mismatch-ssl
211
212[6-SNI-bad-clienthello-sni-ignore-mismatch-ssl]
213server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server
214client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client
215server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server
216
217[6-SNI-bad-clienthello-sni-ignore-mismatch-server]
218Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
219CipherString = DEFAULT
220PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
221
222[6-SNI-bad-clienthello-sni-ignore-mismatch-client]
223CipherString = DEFAULT
224VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
225VerifyMode = Peer
226
227[test-6]
228ExpectedResult = Success
229ExpectedServerName = server1
230server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra
231server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra
232client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra
233
234[6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra]
235ServerNameCallback = ClientHelloIgnoreMismatch
236
237[6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra]
238ServerName = invalid
239
240
241# ===========================================================
242
243[7-SNI-bad-clienthello-sni-reject-mismatch]
244ssl_conf = 7-SNI-bad-clienthello-sni-reject-mismatch-ssl
245
246[7-SNI-bad-clienthello-sni-reject-mismatch-ssl]
247server = 7-SNI-bad-clienthello-sni-reject-mismatch-server
248client = 7-SNI-bad-clienthello-sni-reject-mismatch-client
249server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server
250
251[7-SNI-bad-clienthello-sni-reject-mismatch-server]
252Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
253CipherString = DEFAULT
254PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
255
256[7-SNI-bad-clienthello-sni-reject-mismatch-client]
257CipherString = DEFAULT
258VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
259VerifyMode = Peer
260
261[test-7]
262ExpectedResult = ServerFail
263ExpectedServerAlert = UnrecognizedName
264server = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra
265server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra
266client = 7-SNI-bad-clienthello-sni-reject-mismatch-client-extra
267
268[7-SNI-bad-clienthello-sni-reject-mismatch-server-extra]
269ServerNameCallback = ClientHelloRejectMismatch
270
271[7-SNI-bad-clienthello-sni-reject-mismatch-client-extra]
272ServerName = invalid
273
274
275# ===========================================================
276
277[8-SNI-clienthello-disable-v12]
278ssl_conf = 8-SNI-clienthello-disable-v12-ssl
279
280[8-SNI-clienthello-disable-v12-ssl]
281server = 8-SNI-clienthello-disable-v12-server
282client = 8-SNI-clienthello-disable-v12-client
283server2 = 8-SNI-clienthello-disable-v12-server
284
285[8-SNI-clienthello-disable-v12-server]
286Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
287CipherString = DEFAULT:@SECLEVEL=0
288PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
289
290[8-SNI-clienthello-disable-v12-client]
291CipherString = DEFAULT:@SECLEVEL=0
292VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
293VerifyMode = Peer
294
295[test-8]
296ExpectedProtocol = TLSv1.1
297ExpectedServerName = server2
298server = 8-SNI-clienthello-disable-v12-server-extra
299server2 = 8-SNI-clienthello-disable-v12-server-extra
300client = 8-SNI-clienthello-disable-v12-client-extra
301
302[8-SNI-clienthello-disable-v12-server-extra]
303ServerNameCallback = ClientHelloNoV12
304
305[8-SNI-clienthello-disable-v12-client-extra]
306ServerName = server2
307
308
309