authorjsing <>2017-07-24 17:15:27 +0000
committerjsing <>2017-07-24 17:15:27 +0000
commit4594b1e8ad00ae1d91a124a6062005c5f4c0a260 (patch)
tree7247e470d3966779c07f04bfa28a581f6339f3dc /src/regress/lib
parent367191ae741e8a7c4ce333bdaa5ef7aaa43e3d3b (diff)
Add regress coverage for the TLS Renegotiation Indication extension.
Diffstat (limited to 'src/regress/lib')
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c267
1 files changed, 266 insertions, 1 deletions
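--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.1 2017/07/16 18:18:10 jsing Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.2 2017/07/24 17:15:27 jsing Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -33,6 +33,268 @@ hexdump(const unsigned char *buf, size_t len)
 	fprintf(stderr, "\n");
 }
 
+/*
+ * Renegotiation Indication - RFC 5746.
+ */
+
+static unsigned char tlsext_ri_prev_client[] = {
+	0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+	0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+};
+
+static unsigned char tlsext_ri_prev_server[] = {
+	0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
+	0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
+};
+
+static unsigned char tlsext_ri_clienthello[] = {
+	0x10,
+	0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+	0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+};
+
+static unsigned char tlsext_ri_serverhello[] = {
+	0x20,
+	0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+	0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+	0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
+	0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
+};
+
+static int
+test_tlsext_ri_clienthello(void)
+{
+	unsigned char *data = NULL;
+	SSL_CTX *ssl_ctx = NULL;
+	SSL *ssl = NULL;
+	int failure = 0;
+	size_t dlen;
+	int alert;
+	CBB cbb;
+	CBS cbs;
+
+	CBB_init(&cbb, 0);
+
+	if ((ssl_ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL)
+		errx(1, "failed to create SSL_CTX");
+	if ((ssl = SSL_new(ssl_ctx)) == NULL)
+		errx(1, "failed to create SSL");
+
+	if (tlsext_ri_clienthello_needs(ssl)) {
+		fprintf(stderr, "FAIL: clienthello should not need RI\n");
+		failure = 1;
+		goto done;
+	}
+
+	if (!SSL_renegotiate(ssl)) {
+		fprintf(stderr, "FAIL: client failed to set renegotiate\n");
+		failure = 1;
+		goto done;
+	}
+
+	if (!tlsext_ri_clienthello_needs(ssl)) {
+		fprintf(stderr, "FAIL: clienthello should need RI\n");
+		failure = 1;
+		goto done;
+	}
+
+	memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
+	    sizeof(tlsext_ri_prev_client));
+	S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
+
+	S3I(ssl)->renegotiate_seen = 0;
+
+	if (!tlsext_ri_clienthello_build(ssl, &cbb)) {
+		fprintf(stderr, "FAIL: clienthello failed to build RI\n");
+		failure = 1;
+		goto done;
+	}
+
+	if (!CBB_finish(&cbb, &data, &dlen))
+		errx(1, "failed to finish CBB");
+
+	if (dlen != sizeof(tlsext_ri_clienthello)) {
+		fprintf(stderr, "FAIL: got clienthello RI with length %zu, "
+		    "want length %zu\n", dlen, sizeof(tlsext_ri_clienthello));
+		failure = 1;
+		goto done;
+	}
+
+	if (memcmp(data, tlsext_ri_clienthello, dlen) != 0) {
+		fprintf(stderr, "FAIL: clienthello RI differs:\n");
+		fprintf(stderr, "received:\n");
+		hexdump(data, dlen);
+		fprintf(stderr, "test data:\n");
+		hexdump(tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello));
+		failure = 1;
+		goto done;
+	}
+
+	CBS_init(&cbs, tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello));
+	if (!tlsext_ri_clienthello_parse(ssl, &cbs, &alert)) {
+		fprintf(stderr, "FAIL: failed to parse clienthello RI\n");
+		failure = 1;
+		goto done;
+	}
+
+	if (S3I(ssl)->renegotiate_seen != 1) {
+		fprintf(stderr, "FAIL: renegotiate seen not set\n");
+		failure = 1;
+		goto done;
+	}
+	if (S3I(ssl)->send_connection_binding != 1) {
+		fprintf(stderr, "FAIL: send connection binding not set\n");
+		failure = 1;
+		goto done;
+	}
+
+	memset(S3I(ssl)->previous_client_finished, 0,
+	    sizeof(S3I(ssl)->previous_client_finished));
+
+	S3I(ssl)->renegotiate_seen = 0;
+
+	CBS_init(&cbs, tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello));
+	if (tlsext_ri_clienthello_parse(ssl, &cbs, &alert)) {
+		fprintf(stderr, "FAIL: parsed invalid clienthello RI\n");
+		failure = 1;
+		goto done;
+	}
+
+	if (S3I(ssl)->renegotiate_seen == 1) {
+		fprintf(stderr, "FAIL: renegotiate seen set\n");
+		failure = 1;
+		goto done;
+	}
+
+ done:
+	CBB_cleanup(&cbb);
+	SSL_CTX_free(ssl_ctx);
+	SSL_free(ssl);
+	free(data);
+
+	return (failure);
+}
+
+static int
+test_tlsext_ri_serverhello(void)
+{
+	unsigned char *data = NULL;
+	SSL_CTX *ssl_ctx = NULL;
+	SSL *ssl = NULL;
+	int failure = 0;
+	size_t dlen;
+	int alert;
+	CBB cbb;
+	CBS cbs;
+
+	CBB_init(&cbb, 0);
+
+	if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
+		errx(1, "failed to create SSL_CTX");
+	if ((ssl = SSL_new(ssl_ctx)) == NULL)
+		errx(1, "failed to create SSL");
+
+	if (tlsext_ri_serverhello_needs(ssl)) {
+		fprintf(stderr, "FAIL: serverhello should not need RI\n");
+		failure = 1;
+		goto done;
+	}
+
+	S3I(ssl)->send_connection_binding = 1;
+
+	if (!tlsext_ri_serverhello_needs(ssl)) {
+		fprintf(stderr, "FAIL: serverhello should need RI\n");
+		failure = 1;
+		goto done;
+	}
+
+	memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
+	    sizeof(tlsext_ri_prev_client));
+	S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
+
+	memcpy(S3I(ssl)->previous_server_finished, tlsext_ri_prev_server,
+	    sizeof(tlsext_ri_prev_server));
+	S3I(ssl)->previous_server_finished_len = sizeof(tlsext_ri_prev_server);
+
+	S3I(ssl)->renegotiate_seen = 0;
+
+	if (!tlsext_ri_serverhello_build(ssl, &cbb)) {
+		fprintf(stderr, "FAIL: serverhello failed to build RI\n");
+		failure = 1;
+		goto done;
+	}
+
+	if (!CBB_finish(&cbb, &data, &dlen))
+		errx(1, "failed to finish CBB");
+
+	if (dlen != sizeof(tlsext_ri_serverhello)) {
+		fprintf(stderr, "FAIL: got serverhello RI with length %zu, "
+		    "want length %zu\n", dlen, sizeof(tlsext_ri_serverhello));
+		failure = 1;
+		goto done;
+	}
+
+	if (memcmp(data, tlsext_ri_serverhello, dlen) != 0) {
+		fprintf(stderr, "FAIL: serverhello RI differs:\n");
+		fprintf(stderr, "received:\n");
+		hexdump(data, dlen);
+		fprintf(stderr, "test data:\n");
+		hexdump(tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello));
+		failure = 1;
+		goto done;
+	}
+
+	CBS_init(&cbs, tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello));
+	if (!tlsext_ri_serverhello_parse(ssl, &cbs, &alert)) {
+		fprintf(stderr, "FAIL: failed to parse serverhello RI\n");
+		failure = 1;
+		goto done;
+	}
+
+	if (S3I(ssl)->renegotiate_seen != 1) {
+		fprintf(stderr, "FAIL: renegotiate seen not set\n");
+		failure = 1;
+		goto done;
+	}
+	if (S3I(ssl)->send_connection_binding != 1) {
+		fprintf(stderr, "FAIL: send connection binding not set\n");
+		failure = 1;
+		goto done;
+	}
+
+	memset(S3I(ssl)->previous_client_finished, 0,
+	    sizeof(S3I(ssl)->previous_client_finished));
+	memset(S3I(ssl)->previous_server_finished, 0,
+	    sizeof(S3I(ssl)->previous_server_finished));
+
+	S3I(ssl)->renegotiate_seen = 0;
+
+	CBS_init(&cbs, tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello));
+	if (tlsext_ri_serverhello_parse(ssl, &cbs, &alert)) {
+		fprintf(stderr, "FAIL: parsed invalid serverhello RI\n");
+		failure = 1;
+		goto done;
+	}
+
+	if (S3I(ssl)->renegotiate_seen == 1) {
+		fprintf(stderr, "FAIL: renegotiate seen set\n");
+		failure = 1;
+		goto done;
+	}
+
+ done:
+	CBB_cleanup(&cbb);
+	SSL_CTX_free(ssl_ctx);
+	SSL_free(ssl);
+	free(data);
+
+	return (failure);
+}
+
+/*
+ * Server Name Indication - RFC 6066, section 3.
+ */
+
 #define TEST_SNI_SERVERNAME "www.libressl.org"
 
 static unsigned char tlsext_sni_clienthello[] = {
@@ -238,6 +500,9 @@ main(int argc, char **argv)
 
 	SSL_library_init();
 
+	failed |= test_tlsext_ri_clienthello();
+	failed |= test_tlsext_ri_serverhello();
+
 	failed |= test_tlsext_sni_clienthello();
 	failed |= test_tlsext_sni_serverhello();
 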
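Review bot: The negative parse cases in test_tlsext_ri_clienthello and test_tlsext_ri_serverhello (the second CBS_init()/tlsext_ri_*_parse() after the memset() of the stored Finished values) only verify that renegotiate_seen stays clear; they never inspect the `alert` the parser writes and leave send_connection_binding at 1 from the preceding positive parse, so a parser that set the binding flag or emitted the wrong alert on a mismatched renegotiated_connection would still pass. I would add `S3I(ssl)->send_connection_binding = 0;` before each negative parse and tighten the final check to `if (S3I(ssl)->renegotiate_seen == 1 || S3I(ssl)->send_connection_binding == 1 || alert != SSL_AD_HANDSHAKE_FAILURE)`; RFC 5746 sections 3.6 and 3.7 call for handshake_failure on a mismatch, but confirm that value against the tlsext_ri_*_parse implementation before pinning it. The mismatch is also produced only by zeroing the stored Finished while previous_*_finished_len stays 16, which deserves a comment such as `/* Length unchanged, so the zeroed Finished must fail the compare. */`; a one-byte flip in a copy of the extension data, plus a truncated-length and a trailing-byte vector, would additionally cover the decode-error rejections the parser presumably has. The main() hunk shows only the two added calls; main() starts and ends outside this page.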