1# -*- mode: perl; -*-
2# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10## Test SNI/Session tickets
11
12use strict;
13use warnings;
14
15package ssltests;
16
17
18our @tests = ();
19
20#Note: MaxProtocol is set to TLSv1.2 as session tickets work differently in
21#TLSv1.3.
22sub generate_tests() {
23    foreach my $c ("SessionTicket", "-SessionTicket") {
24        foreach my $s1 ("SessionTicket", "-SessionTicket") {
25            foreach my $s2 ("SessionTicket", "-SessionTicket") {
26                foreach my $n ("server1", "server2") {
27                    my $ticket_result = expected_result($c, $s1, $s2, $n);
28                    my $session_id_result = "Yes"; # always, even with a ticket
29                    push @tests, {
30                        "name" => "sni-session-ticket",
31                        "client" => {
32                            "Options" => $c,
33                            "extra" => {
34                                "ServerName" => $n,
35                            },
36                            "MaxProtocol" => "TLSv1.2"
37                        },
38                        "server" => {
39                            "Options" => $s1,
40                            "extra" => {
41                                # We don't test mismatch here.
42                                "ServerNameCallback" => "IgnoreMismatch",
43                            },
44                        },
45                        "server2" => {
46                            "Options" => $s2,
47                        },
48                        "test" => {
49                            "ExpectedServerName" => $n,
50                            "ExpectedResult" => "Success",
51                            "SessionIdExpected" => $session_id_result,
52                            "SessionTicketExpected" => $ticket_result,
53                        }
54                    };
55                }
56            }
57        }
58    }
59}
60
61# If the client has session tickets disabled, then No support
62# If the server initial_ctx has session tickets disabled, then No support
63# If SNI is in use, then if the "switched-to" context has session tickets disabled,
64#    then No support
65sub expected_result {
66    my ($c, $s1, $s2, $n) = @_;
67
68    return "No" if $c eq "-SessionTicket";
69    return "No" if $s1 eq "-SessionTicket";
70    return "No" if ($s2 eq "-SessionTicket" && $n eq "server2");
71
72    return "Yes";
73
74}
75
76# Add a "Broken" case.
77push @tests, {
78    "name" => "sni-session-ticket",
79    "client" => {
80        "MaxProtocol" => "TLSv1.2",
81        "Options" => "SessionTicket",
82        "extra" => {
83            "ServerName" => "server1",
84        }
85    },
86    "server" => {
87        "Options" => "SessionTicket",
88        "extra" => {
89              "BrokenSessionTicket" => "Yes",
90        },
91    },
92    "server2" => {
93        "Options" => "SessionTicket",
94    },
95    "test" => {
96        "ExpectedResult" => "Success",
97        "SessionTicketExpected" => "No",
98    }
99};
100
101generate_tests();
102