mirrors-yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls synced 2024-11-24 13:48:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add tests for SNI

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-02-25 12:26:29 +01:00
parent 0d8780b2cd
commit 96ea2f2557
2 changed files with 52 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
library/ssl_srv.c
View file

@ -367,6 +367,8 @@ static int ssl_parse_servername_ext( ssl_context *ssl,
size_t servername_list_size, hostname_len;
const unsigned char *p;
SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( servername_list_size + 2 != len )
{
@ -389,6 +391,7 @@ static int ssl_parse_servername_ext( ssl_context *ssl,
ret = ssl_sni_wrapper( ssl, p + 3, hostname_len );
if( ret != 0 )
{
SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret );
ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
SSL_ALERT_MSG_UNRECOGNIZED_NAME );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );

51
tests/ssl-opt.sh
View file

@ -48,10 +48,10 @@ run_test() {
shift
# run the commands
$SRV_CMD $1 > srv_out &
$SHELL -c "$SRV_CMD $1" > srv_out &
SRV_PID=$!
sleep 1
$CLI_CMD $2 > cli_out
$SHELL -c "$CLI_CMD $2" > cli_out
CLI_EXIT=$?
echo SERVERQUIT | openssl s_client -no_ticket \
-cert data_files/cli2.crt -key data_files/cli2.key \
@ -461,6 +461,53 @@ run_test "Authentication #6 (client badcert, server none)" \
-C "! ssl_handshake returned" \
-S "X509 - Certificate verification failed"
# tests for SNI
run_test "SNI #0 (no SNI callback)" \
"debug_level=4 server_addr=127.0.0.1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key" \
"debug_level=0 server_addr=127.0.0.1 \
server_name=localhost" \
0 \
-S "parse ServerName extension" \
-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
run_test "SNI #1 (matching cert 1)" \
"debug_level=4 server_addr=127.0.0.1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
"debug_level=0 server_addr=127.0.0.1 \
server_name=localhost" \
0 \
-s "parse ServerName extension" \
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
run_test "SNI #2 (matching cert 2)" \
"debug_level=4 server_addr=127.0.0.1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
"debug_level=0 server_addr=127.0.0.1 \
server_name='PolarSSL Server 1'" \
0 \
-s "parse ServerName extension" \
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
run_test "SNI #3 (no matching cert)" \
"debug_level=4 server_addr=127.0.0.1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
"debug_level=0 server_addr=127.0.0.1 \
server_name='PolarSSL Server 2'" \
1 \
-s "parse ServerName extension" \
-s "ssl_sni_wrapper() returned" \
-s "ssl_handshake returned" \
-c "ssl_handshake returned" \
-c "SSL - A fatal alert message was received from our peer"
# Final report
echo "------------------------------------------------------------------------"