Add tests for SNI
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 606e8a8..7048f4d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -367,6 +367,8 @@
size_t servername_list_size, hostname_len;
const unsigned char *p;
+ SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
+
servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( servername_list_size + 2 != len )
{
@@ -389,6 +391,7 @@
ret = ssl_sni_wrapper( ssl, p + 3, hostname_len );
if( ret != 0 )
{
+ SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret );
ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
SSL_ALERT_MSG_UNRECOGNIZED_NAME );
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 28ed048..d24fa0b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -48,10 +48,10 @@
shift
# run the commands
- $SRV_CMD $1 > srv_out &
+ $SHELL -c "$SRV_CMD $1" > srv_out &
SRV_PID=$!
sleep 1
- $CLI_CMD $2 > cli_out
+ $SHELL -c "$CLI_CMD $2" > cli_out
CLI_EXIT=$?
echo SERVERQUIT | openssl s_client -no_ticket \
-cert data_files/cli2.crt -key data_files/cli2.key \
@@ -461,6 +461,53 @@
-C "! ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+# tests for SNI
+
+run_test "SNI #0 (no SNI callback)" \
+ "debug_level=4 server_addr=127.0.0.1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "debug_level=0 server_addr=127.0.0.1 \
+ server_name=localhost" \
+ 0 \
+ -S "parse ServerName extension" \
+ -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
+ -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
+
+run_test "SNI #1 (matching cert 1)" \
+ "debug_level=4 server_addr=127.0.0.1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
+ "debug_level=0 server_addr=127.0.0.1 \
+ server_name=localhost" \
+ 0 \
+ -s "parse ServerName extension" \
+ -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
+ -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
+
+run_test "SNI #2 (matching cert 2)" \
+ "debug_level=4 server_addr=127.0.0.1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
+ "debug_level=0 server_addr=127.0.0.1 \
+ server_name='PolarSSL Server 1'" \
+ 0 \
+ -s "parse ServerName extension" \
+ -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
+ -c "subject name *: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
+
+run_test "SNI #3 (no matching cert)" \
+ "debug_level=4 server_addr=127.0.0.1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
+ "debug_level=0 server_addr=127.0.0.1 \
+ server_name='PolarSSL Server 2'" \
+ 1 \
+ -s "parse ServerName extension" \
+ -s "ssl_sni_wrapper() returned" \
+ -s "ssl_handshake returned" \
+ -c "ssl_handshake returned" \
+ -c "SSL - A fatal alert message was received from our peer"
+
# Final report
echo "------------------------------------------------------------------------"