1e1051a39Sopenharmony_ci# -*- mode: perl; -*- 2e1051a39Sopenharmony_ci# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci# 4e1051a39Sopenharmony_ci# Licensed under the Apache License 2.0 (the "License"). You may not use 5e1051a39Sopenharmony_ci# this file except in compliance with the License. You can obtain a copy 6e1051a39Sopenharmony_ci# in the file LICENSE in the source distribution or at 7e1051a39Sopenharmony_ci# https://www.openssl.org/source/license.html 8e1051a39Sopenharmony_ci 9e1051a39Sopenharmony_ci 10e1051a39Sopenharmony_ci## SSL test configurations 11e1051a39Sopenharmony_ci 12e1051a39Sopenharmony_ciuse strict; 13e1051a39Sopenharmony_ciuse warnings; 14e1051a39Sopenharmony_ci 15e1051a39Sopenharmony_cipackage ssltests; 16e1051a39Sopenharmony_ciuse OpenSSL::Test::Utils; 17e1051a39Sopenharmony_ci 18e1051a39Sopenharmony_ciour $fips_mode; 19e1051a39Sopenharmony_ci 20e1051a39Sopenharmony_ciour @tests = ( 21e1051a39Sopenharmony_ci { 22e1051a39Sopenharmony_ci name => "SNI-switch-context", 23e1051a39Sopenharmony_ci server => { 24e1051a39Sopenharmony_ci extra => { 25e1051a39Sopenharmony_ci "ServerNameCallback" => "IgnoreMismatch", 26e1051a39Sopenharmony_ci }, 27e1051a39Sopenharmony_ci }, 28e1051a39Sopenharmony_ci client => { 29e1051a39Sopenharmony_ci extra => { 30e1051a39Sopenharmony_ci "ServerName" => "server2", 31e1051a39Sopenharmony_ci }, 32e1051a39Sopenharmony_ci }, 33e1051a39Sopenharmony_ci test => { 34e1051a39Sopenharmony_ci "ExpectedServerName" => "server2", 35e1051a39Sopenharmony_ci "ExpectedResult" => "Success" 36e1051a39Sopenharmony_ci }, 37e1051a39Sopenharmony_ci }, 38e1051a39Sopenharmony_ci { 39e1051a39Sopenharmony_ci name => "SNI-keep-context", 40e1051a39Sopenharmony_ci server => { 41e1051a39Sopenharmony_ci extra => { 42e1051a39Sopenharmony_ci "ServerNameCallback" => "IgnoreMismatch", 43e1051a39Sopenharmony_ci }, 44e1051a39Sopenharmony_ci }, 45e1051a39Sopenharmony_ci client => { 46e1051a39Sopenharmony_ci extra => { 47e1051a39Sopenharmony_ci "ServerName" => "server1", 48e1051a39Sopenharmony_ci }, 49e1051a39Sopenharmony_ci }, 50e1051a39Sopenharmony_ci test => { 51e1051a39Sopenharmony_ci "ExpectedServerName" => "server1", 52e1051a39Sopenharmony_ci "ExpectedResult" => "Success" 53e1051a39Sopenharmony_ci }, 54e1051a39Sopenharmony_ci }, 55e1051a39Sopenharmony_ci { 56e1051a39Sopenharmony_ci name => "SNI-no-server-support", 57e1051a39Sopenharmony_ci server => { }, 58e1051a39Sopenharmony_ci client => { 59e1051a39Sopenharmony_ci extra => { 60e1051a39Sopenharmony_ci "ServerName" => "server1", 61e1051a39Sopenharmony_ci }, 62e1051a39Sopenharmony_ci }, 63e1051a39Sopenharmony_ci test => { "ExpectedResult" => "Success" }, 64e1051a39Sopenharmony_ci }, 65e1051a39Sopenharmony_ci { 66e1051a39Sopenharmony_ci name => "SNI-no-client-support", 67e1051a39Sopenharmony_ci server => { 68e1051a39Sopenharmony_ci extra => { 69e1051a39Sopenharmony_ci "ServerNameCallback" => "IgnoreMismatch", 70e1051a39Sopenharmony_ci }, 71e1051a39Sopenharmony_ci }, 72e1051a39Sopenharmony_ci client => { }, 73e1051a39Sopenharmony_ci test => { 74e1051a39Sopenharmony_ci # We expect that the callback is still called 75e1051a39Sopenharmony_ci # to let the application decide whether they tolerate 76e1051a39Sopenharmony_ci # missing SNI (as our test callback does). 77e1051a39Sopenharmony_ci "ExpectedServerName" => "server1", 78e1051a39Sopenharmony_ci "ExpectedResult" => "Success" 79e1051a39Sopenharmony_ci }, 80e1051a39Sopenharmony_ci }, 81e1051a39Sopenharmony_ci { 82e1051a39Sopenharmony_ci name => "SNI-bad-sni-ignore-mismatch", 83e1051a39Sopenharmony_ci server => { 84e1051a39Sopenharmony_ci extra => { 85e1051a39Sopenharmony_ci "ServerNameCallback" => "IgnoreMismatch", 86e1051a39Sopenharmony_ci }, 87e1051a39Sopenharmony_ci }, 88e1051a39Sopenharmony_ci client => { 89e1051a39Sopenharmony_ci extra => { 90e1051a39Sopenharmony_ci "ServerName" => "invalid", 91e1051a39Sopenharmony_ci }, 92e1051a39Sopenharmony_ci }, 93e1051a39Sopenharmony_ci test => { 94e1051a39Sopenharmony_ci "ExpectedServerName" => "server1", 95e1051a39Sopenharmony_ci "ExpectedResult" => "Success" 96e1051a39Sopenharmony_ci }, 97e1051a39Sopenharmony_ci }, 98e1051a39Sopenharmony_ci { 99e1051a39Sopenharmony_ci name => "SNI-bad-sni-reject-mismatch", 100e1051a39Sopenharmony_ci server => { 101e1051a39Sopenharmony_ci extra => { 102e1051a39Sopenharmony_ci "ServerNameCallback" => "RejectMismatch", 103e1051a39Sopenharmony_ci }, 104e1051a39Sopenharmony_ci }, 105e1051a39Sopenharmony_ci client => { 106e1051a39Sopenharmony_ci extra => { 107e1051a39Sopenharmony_ci "ServerName" => "invalid", 108e1051a39Sopenharmony_ci }, 109e1051a39Sopenharmony_ci }, 110e1051a39Sopenharmony_ci test => { 111e1051a39Sopenharmony_ci "ExpectedResult" => "ServerFail", 112e1051a39Sopenharmony_ci "ExpectedServerAlert" => "UnrecognizedName" 113e1051a39Sopenharmony_ci }, 114e1051a39Sopenharmony_ci }, 115e1051a39Sopenharmony_ci { 116e1051a39Sopenharmony_ci name => "SNI-bad-clienthello-sni-ignore-mismatch", 117e1051a39Sopenharmony_ci server => { 118e1051a39Sopenharmony_ci extra => { 119e1051a39Sopenharmony_ci "ServerNameCallback" => "ClientHelloIgnoreMismatch", 120e1051a39Sopenharmony_ci }, 121e1051a39Sopenharmony_ci }, 122e1051a39Sopenharmony_ci client => { 123e1051a39Sopenharmony_ci extra => { 124e1051a39Sopenharmony_ci "ServerName" => "invalid", 125e1051a39Sopenharmony_ci }, 126e1051a39Sopenharmony_ci }, 127e1051a39Sopenharmony_ci test => { 128e1051a39Sopenharmony_ci "ExpectedServerName" => "server1", 129e1051a39Sopenharmony_ci "ExpectedResult" => "Success" 130e1051a39Sopenharmony_ci }, 131e1051a39Sopenharmony_ci }, 132e1051a39Sopenharmony_ci { 133e1051a39Sopenharmony_ci name => "SNI-bad-clienthello-sni-reject-mismatch", 134e1051a39Sopenharmony_ci server => { 135e1051a39Sopenharmony_ci extra => { 136e1051a39Sopenharmony_ci "ServerNameCallback" => "ClientHelloRejectMismatch", 137e1051a39Sopenharmony_ci }, 138e1051a39Sopenharmony_ci }, 139e1051a39Sopenharmony_ci client => { 140e1051a39Sopenharmony_ci extra => { 141e1051a39Sopenharmony_ci "ServerName" => "invalid", 142e1051a39Sopenharmony_ci }, 143e1051a39Sopenharmony_ci }, 144e1051a39Sopenharmony_ci test => { 145e1051a39Sopenharmony_ci "ExpectedResult" => "ServerFail", 146e1051a39Sopenharmony_ci "ExpectedServerAlert" => "UnrecognizedName" 147e1051a39Sopenharmony_ci }, 148e1051a39Sopenharmony_ci }, 149e1051a39Sopenharmony_ci); 150e1051a39Sopenharmony_ci 151e1051a39Sopenharmony_ciour @tests_tls_1_1 = ( 152e1051a39Sopenharmony_ci { 153e1051a39Sopenharmony_ci name => "SNI-clienthello-disable-v12", 154e1051a39Sopenharmony_ci server => { 155e1051a39Sopenharmony_ci "CipherString" => "DEFAULT:\@SECLEVEL=0", 156e1051a39Sopenharmony_ci extra => { 157e1051a39Sopenharmony_ci "ServerNameCallback" => "ClientHelloNoV12", 158e1051a39Sopenharmony_ci }, 159e1051a39Sopenharmony_ci }, 160e1051a39Sopenharmony_ci client => { 161e1051a39Sopenharmony_ci "CipherString" => "DEFAULT:\@SECLEVEL=0", 162e1051a39Sopenharmony_ci extra => { 163e1051a39Sopenharmony_ci "ServerName" => "server2", 164e1051a39Sopenharmony_ci }, 165e1051a39Sopenharmony_ci }, 166e1051a39Sopenharmony_ci test => { 167e1051a39Sopenharmony_ci "ExpectedProtocol" => "TLSv1.1", 168e1051a39Sopenharmony_ci "ExpectedServerName" => "server2", 169e1051a39Sopenharmony_ci }, 170e1051a39Sopenharmony_ci }, 171e1051a39Sopenharmony_ci); 172e1051a39Sopenharmony_ci 173e1051a39Sopenharmony_cipush @tests, @tests_tls_1_1 unless disabled("tls1_1") || $fips_mode; 174