Extend the SNI tests to ensure that we have a hostname in the session

after a successful tlsext_sni_serverhello_parse() and that tlsext_sni_clienthello_parse() fails if we have an existing session and the SNI is mismatched.
author: jsing <> 2017-07-24 17:42:14 +0000
committer: jsing <> 2017-07-24 17:42:14 +0000
commit: 414271d0604c0c1ead77eb1acd192ba96ed63bc0 (patch)
tree: 2f448bfe70a383bf5731aecc9344577804276cff /src
parent: a3244a2497373d8f008d9ab9d18b2d98b92b84f3 (diff)
download: openbsd-414271d0604c0c1ead77eb1acd192ba96ed63bc0.tar.gz
openbsd-414271d0604c0c1ead77eb1acd192ba96ed63bc0.tar.bz2
openbsd-414271d0604c0c1ead77eb1acd192ba96ed63bc0.zip
1 files changed, 31 insertions, 2 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index abf6a9dfe6..792ccfe706 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.2 2017/07/24 17:15:27 jsing Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.3 2017/07/24 17:42:14 jsing Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -396,6 +396,19 @@ test_tlsext_sni_clienthello(void)
                goto done;
        }
+        ssl->internal->hit = 1;
+        if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) ==
+            NULL)
+                errx(1, "failed to strdup tlsext_hostname");
+        CBS_init(&cbs, tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello));
+        if (tlsext_sni_clienthello_parse(ssl, &cbs, &alert)) {
+                fprintf(stderr, "FAIL: parsed clienthello with mismatched SNI\n");
+                failure = 1;
+                goto done;
+        }
 done:
        CBB_cleanup(&cbb);
        SSL_CTX_free(ssl_ctx);
@@ -475,6 +488,9 @@ test_tlsext_sni_serverhello(void)
                goto done;
        }
+        free(ssl->session->tlsext_hostname);
+        ssl->session->tlsext_hostname = NULL;
        CBS_init(&cbs, tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello));
        if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) {
                fprintf(stderr, "FAIL: failed to parse serverhello SNI\n");
@@ -482,7 +498,20 @@ test_tlsext_sni_serverhello(void)
                goto done;
        }
-        /* XXX - test parse with session with mismatched name. */
+        if (ssl->session->tlsext_hostname == NULL) {
+                fprintf(stderr, "FAIL: no tlsext_hostname after serverhello SNI\n");
+                failure = 1;
+                goto done;
+        }
+        if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
+            strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
+                strlen(TEST_SNI_SERVERNAME)) != 0) {
+                fprintf(stderr, "FAIL: got tlsext_hostname `%s', want `%s'\n",
+                    ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
+                failure = 1;
+                goto done;
+        }
 done:
        CBB_cleanup(&cbb);
author	jsing <>	2017-07-24 17:42:14 +0000
committer	jsing <>	2017-07-24 17:42:14 +0000
commit	414271d0604c0c1ead77eb1acd192ba96ed63bc0 (patch)
tree	2f448bfe70a383bf5731aecc9344577804276cff /src
parent	a3244a2497373d8f008d9ab9d18b2d98b92b84f3 (diff)
download	openbsd-414271d0604c0c1ead77eb1acd192ba96ed63bc0.tar.gz openbsd-414271d0604c0c1ead77eb1acd192ba96ed63bc0.tar.bz2 openbsd-414271d0604c0c1ead77eb1acd192ba96ed63bc0.zip

diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index abf6a9dfe6..792ccfe706 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tlsexttest.c,v 1.2 2017/07/24 17:15:27 jsing Exp $ */	1	/* $OpenBSD: tlsexttest.c,v 1.3 2017/07/24 17:42:14 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -396,6 +396,19 @@ test_tlsext_sni_clienthello(void)
396	goto done;	396	goto done;
397	}	397	}
398		398
		399	ssl->internal->hit = 1;
		400
		401	if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) ==
		402	NULL)
		403	errx(1, "failed to strdup tlsext_hostname");
		404
		405	CBS_init(&cbs, tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello));
		406	if (tlsext_sni_clienthello_parse(ssl, &cbs, &alert)) {
		407	fprintf(stderr, "FAIL: parsed clienthello with mismatched SNI\n");
		408	failure = 1;
		409	goto done;
		410	}
		411
399	done:	412	done:
400	CBB_cleanup(&cbb);	413	CBB_cleanup(&cbb);
401	SSL_CTX_free(ssl_ctx);	414	SSL_CTX_free(ssl_ctx);
@@ -475,6 +488,9 @@ test_tlsext_sni_serverhello(void)
475	goto done;	488	goto done;
476	}	489	}
477		490
		491	free(ssl->session->tlsext_hostname);
		492	ssl->session->tlsext_hostname = NULL;
		493
478	CBS_init(&cbs, tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello));	494	CBS_init(&cbs, tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello));
479	if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) {	495	if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) {
480	fprintf(stderr, "FAIL: failed to parse serverhello SNI\n");	496	fprintf(stderr, "FAIL: failed to parse serverhello SNI\n");
@@ -482,7 +498,20 @@ test_tlsext_sni_serverhello(void)
482	goto done;	498	goto done;
483	}	499	}
484		500
485	/* XXX - test parse with session with mismatched name. */	501	if (ssl->session->tlsext_hostname == NULL) {
		502	fprintf(stderr, "FAIL: no tlsext_hostname after serverhello SNI\n");
		503	failure = 1;
		504	goto done;
		505	}
		506
		507	if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) \|\|
		508	strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
		509	strlen(TEST_SNI_SERVERNAME)) != 0) {
		510	fprintf(stderr, "FAIL: got tlsext_hostname `%s', want `%s'\n",
		511	ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
		512	failure = 1;
		513	goto done;
		514	}
486		515
487	done:	516	done:
488	CBB_cleanup(&cbb);	517	CBB_cleanup(&cbb);