diff options
| author | jsing <> | 2017-07-24 17:42:14 +0000 |
|---|---|---|
| committer | jsing <> | 2017-07-24 17:42:14 +0000 |
| commit | 9af3e38fe92a253b8750cb8cabd59df372f2fdce (patch) | |
| tree | 2f448bfe70a383bf5731aecc9344577804276cff | |
| parent | 6642dc2432218e4d9462f7b283b0b3695c80f3ee (diff) | |
| download | openbsd-9af3e38fe92a253b8750cb8cabd59df372f2fdce.tar.gz openbsd-9af3e38fe92a253b8750cb8cabd59df372f2fdce.tar.bz2 openbsd-9af3e38fe92a253b8750cb8cabd59df372f2fdce.zip | |
Extend the SNI tests to ensure that we have a hostname in the session
after a successful tlsext_sni_serverhello_parse() and that
tlsext_sni_clienthello_parse() fails if we have an existing session and
the SNI is mismatched.
Diffstat (limited to '')
| -rw-r--r-- | src/regress/lib/libssl/tlsext/tlsexttest.c | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index abf6a9dfe6..792ccfe706 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tlsexttest.c,v 1.2 2017/07/24 17:15:27 jsing Exp $ */ | 1 | /* $OpenBSD: tlsexttest.c,v 1.3 2017/07/24 17:42:14 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -396,6 +396,19 @@ test_tlsext_sni_clienthello(void) | |||
| 396 | goto done; | 396 | goto done; |
| 397 | } | 397 | } |
| 398 | 398 | ||
| 399 | ssl->internal->hit = 1; | ||
| 400 | |||
| 401 | if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) == | ||
| 402 | NULL) | ||
| 403 | errx(1, "failed to strdup tlsext_hostname"); | ||
| 404 | |||
| 405 | CBS_init(&cbs, tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello)); | ||
| 406 | if (tlsext_sni_clienthello_parse(ssl, &cbs, &alert)) { | ||
| 407 | fprintf(stderr, "FAIL: parsed clienthello with mismatched SNI\n"); | ||
| 408 | failure = 1; | ||
| 409 | goto done; | ||
| 410 | } | ||
| 411 | |||
| 399 | done: | 412 | done: |
| 400 | CBB_cleanup(&cbb); | 413 | CBB_cleanup(&cbb); |
| 401 | SSL_CTX_free(ssl_ctx); | 414 | SSL_CTX_free(ssl_ctx); |
| @@ -475,6 +488,9 @@ test_tlsext_sni_serverhello(void) | |||
| 475 | goto done; | 488 | goto done; |
| 476 | } | 489 | } |
| 477 | 490 | ||
| 491 | free(ssl->session->tlsext_hostname); | ||
| 492 | ssl->session->tlsext_hostname = NULL; | ||
| 493 | |||
| 478 | CBS_init(&cbs, tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello)); | 494 | CBS_init(&cbs, tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello)); |
| 479 | if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) { | 495 | if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) { |
| 480 | fprintf(stderr, "FAIL: failed to parse serverhello SNI\n"); | 496 | fprintf(stderr, "FAIL: failed to parse serverhello SNI\n"); |
| @@ -482,7 +498,20 @@ test_tlsext_sni_serverhello(void) | |||
| 482 | goto done; | 498 | goto done; |
| 483 | } | 499 | } |
| 484 | 500 | ||
| 485 | /* XXX - test parse with session with mismatched name. */ | 501 | if (ssl->session->tlsext_hostname == NULL) { |
| 502 | fprintf(stderr, "FAIL: no tlsext_hostname after serverhello SNI\n"); | ||
| 503 | failure = 1; | ||
| 504 | goto done; | ||
| 505 | } | ||
| 506 | |||
| 507 | if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) || | ||
| 508 | strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME, | ||
| 509 | strlen(TEST_SNI_SERVERNAME)) != 0) { | ||
| 510 | fprintf(stderr, "FAIL: got tlsext_hostname `%s', want `%s'\n", | ||
| 511 | ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME); | ||
| 512 | failure = 1; | ||
| 513 | goto done; | ||
| 514 | } | ||
| 486 | 515 | ||
| 487 | done: | 516 | done: |
| 488 | CBB_cleanup(&cbb); | 517 | CBB_cleanup(&cbb); |