1# -*- mode: perl; -*- 2# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10## SSL test configurations 11 12use strict; 13use warnings; 14 15package ssltests; 16use OpenSSL::Test::Utils; 17 18our $fips_mode; 19 20our @tests = ( 21 { 22 name => "SNI-switch-context", 23 server => { 24 extra => { 25 "ServerNameCallback" => "IgnoreMismatch", 26 }, 27 }, 28 client => { 29 extra => { 30 "ServerName" => "server2", 31 }, 32 }, 33 test => { 34 "ExpectedServerName" => "server2", 35 "ExpectedResult" => "Success" 36 }, 37 }, 38 { 39 name => "SNI-keep-context", 40 server => { 41 extra => { 42 "ServerNameCallback" => "IgnoreMismatch", 43 }, 44 }, 45 client => { 46 extra => { 47 "ServerName" => "server1", 48 }, 49 }, 50 test => { 51 "ExpectedServerName" => "server1", 52 "ExpectedResult" => "Success" 53 }, 54 }, 55 { 56 name => "SNI-no-server-support", 57 server => { }, 58 client => { 59 extra => { 60 "ServerName" => "server1", 61 }, 62 }, 63 test => { "ExpectedResult" => "Success" }, 64 }, 65 { 66 name => "SNI-no-client-support", 67 server => { 68 extra => { 69 "ServerNameCallback" => "IgnoreMismatch", 70 }, 71 }, 72 client => { }, 73 test => { 74 # We expect that the callback is still called 75 # to let the application decide whether they tolerate 76 # missing SNI (as our test callback does). 77 "ExpectedServerName" => "server1", 78 "ExpectedResult" => "Success" 79 }, 80 }, 81 { 82 name => "SNI-bad-sni-ignore-mismatch", 83 server => { 84 extra => { 85 "ServerNameCallback" => "IgnoreMismatch", 86 }, 87 }, 88 client => { 89 extra => { 90 "ServerName" => "invalid", 91 }, 92 }, 93 test => { 94 "ExpectedServerName" => "server1", 95 "ExpectedResult" => "Success" 96 }, 97 }, 98 { 99 name => "SNI-bad-sni-reject-mismatch", 100 server => { 101 extra => { 102 "ServerNameCallback" => "RejectMismatch", 103 }, 104 }, 105 client => { 106 extra => { 107 "ServerName" => "invalid", 108 }, 109 }, 110 test => { 111 "ExpectedResult" => "ServerFail", 112 "ExpectedServerAlert" => "UnrecognizedName" 113 }, 114 }, 115 { 116 name => "SNI-bad-clienthello-sni-ignore-mismatch", 117 server => { 118 extra => { 119 "ServerNameCallback" => "ClientHelloIgnoreMismatch", 120 }, 121 }, 122 client => { 123 extra => { 124 "ServerName" => "invalid", 125 }, 126 }, 127 test => { 128 "ExpectedServerName" => "server1", 129 "ExpectedResult" => "Success" 130 }, 131 }, 132 { 133 name => "SNI-bad-clienthello-sni-reject-mismatch", 134 server => { 135 extra => { 136 "ServerNameCallback" => "ClientHelloRejectMismatch", 137 }, 138 }, 139 client => { 140 extra => { 141 "ServerName" => "invalid", 142 }, 143 }, 144 test => { 145 "ExpectedResult" => "ServerFail", 146 "ExpectedServerAlert" => "UnrecognizedName" 147 }, 148 }, 149); 150 151our @tests_tls_1_1 = ( 152 { 153 name => "SNI-clienthello-disable-v12", 154 server => { 155 "CipherString" => "DEFAULT:\@SECLEVEL=0", 156 extra => { 157 "ServerNameCallback" => "ClientHelloNoV12", 158 }, 159 }, 160 client => { 161 "CipherString" => "DEFAULT:\@SECLEVEL=0", 162 extra => { 163 "ServerName" => "server2", 164 }, 165 }, 166 test => { 167 "ExpectedProtocol" => "TLSv1.1", 168 "ExpectedServerName" => "server2", 169 }, 170 }, 171); 172 173push @tests, @tests_tls_1_1 unless disabled("tls1_1") || $fips_mode; 174
