xref: /freebsd-src/crypto/openssl/test/ssl-tests/06-sni-ticket.cnf.in (revision e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6) 
1*e0c4386eSCy Schubert# -*- mode: perl; -*-
2*e0c4386eSCy Schubert# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
3*e0c4386eSCy Schubert#
4*e0c4386eSCy Schubert# Licensed under the Apache License 2.0 (the "License").  You may not use
5*e0c4386eSCy Schubert# this file except in compliance with the License.  You can obtain a copy
6*e0c4386eSCy Schubert# in the file LICENSE in the source distribution or at
7*e0c4386eSCy Schubert# https://www.openssl.org/source/license.html
8*e0c4386eSCy Schubert
9*e0c4386eSCy Schubert
10*e0c4386eSCy Schubert## Test SNI/Session tickets
11*e0c4386eSCy Schubert
12*e0c4386eSCy Schubertuse strict;
13*e0c4386eSCy Schubertuse warnings;
14*e0c4386eSCy Schubert
15*e0c4386eSCy Schubertpackage ssltests;
16*e0c4386eSCy Schubert
17*e0c4386eSCy Schubert
18*e0c4386eSCy Schubertour @tests = ();
19*e0c4386eSCy Schubert
20*e0c4386eSCy Schubert#Note: MaxProtocol is set to TLSv1.2 as session tickets work differently in
21*e0c4386eSCy Schubert#TLSv1.3.
22*e0c4386eSCy Schubertsub generate_tests() {
23*e0c4386eSCy Schubert    foreach my $c ("SessionTicket", "-SessionTicket") {
24*e0c4386eSCy Schubert        foreach my $s1 ("SessionTicket", "-SessionTicket") {
25*e0c4386eSCy Schubert            foreach my $s2 ("SessionTicket", "-SessionTicket") {
26*e0c4386eSCy Schubert                foreach my $n ("server1", "server2") {
27*e0c4386eSCy Schubert                    my $ticket_result = expected_result($c, $s1, $s2, $n);
28*e0c4386eSCy Schubert                    my $session_id_result = "Yes"; # always, even with a ticket
29*e0c4386eSCy Schubert                    push @tests, {
30*e0c4386eSCy Schubert                        "name" => "sni-session-ticket",
31*e0c4386eSCy Schubert                        "client" => {
32*e0c4386eSCy Schubert                            "Options" => $c,
33*e0c4386eSCy Schubert                            "extra" => {
34*e0c4386eSCy Schubert                                "ServerName" => $n,
35*e0c4386eSCy Schubert                            },
36*e0c4386eSCy Schubert                            "MaxProtocol" => "TLSv1.2"
37*e0c4386eSCy Schubert                        },
38*e0c4386eSCy Schubert                        "server" => {
39*e0c4386eSCy Schubert                            "Options" => $s1,
40*e0c4386eSCy Schubert                            "extra" => {
41*e0c4386eSCy Schubert                                # We don't test mismatch here.
42*e0c4386eSCy Schubert                                "ServerNameCallback" => "IgnoreMismatch",
43*e0c4386eSCy Schubert                            },
44*e0c4386eSCy Schubert                        },
45*e0c4386eSCy Schubert                        "server2" => {
46*e0c4386eSCy Schubert                            "Options" => $s2,
47*e0c4386eSCy Schubert                        },
48*e0c4386eSCy Schubert                        "test" => {
49*e0c4386eSCy Schubert                            "ExpectedServerName" => $n,
50*e0c4386eSCy Schubert                            "ExpectedResult" => "Success",
51*e0c4386eSCy Schubert                            "SessionIdExpected" => $session_id_result,
52*e0c4386eSCy Schubert                            "SessionTicketExpected" => $ticket_result,
53*e0c4386eSCy Schubert                        }
54*e0c4386eSCy Schubert                    };
55*e0c4386eSCy Schubert                }
56*e0c4386eSCy Schubert            }
57*e0c4386eSCy Schubert        }
58*e0c4386eSCy Schubert    }
59*e0c4386eSCy Schubert}
60*e0c4386eSCy Schubert
61*e0c4386eSCy Schubert# If the client has session tickets disabled, then No support
62*e0c4386eSCy Schubert# If the server initial_ctx has session tickets disabled, then No support
63*e0c4386eSCy Schubert# If SNI is in use, then if the "switched-to" context has session tickets disabled,
64*e0c4386eSCy Schubert#    then No support
65*e0c4386eSCy Schubertsub expected_result {
66*e0c4386eSCy Schubert    my ($c, $s1, $s2, $n) = @_;
67*e0c4386eSCy Schubert
68*e0c4386eSCy Schubert    return "No" if $c eq "-SessionTicket";
69*e0c4386eSCy Schubert    return "No" if $s1 eq "-SessionTicket";
70*e0c4386eSCy Schubert    return "No" if ($s2 eq "-SessionTicket" && $n eq "server2");
71*e0c4386eSCy Schubert
72*e0c4386eSCy Schubert    return "Yes";
73*e0c4386eSCy Schubert
74*e0c4386eSCy Schubert}
75*e0c4386eSCy Schubert
76*e0c4386eSCy Schubert# Add a "Broken" case.
77*e0c4386eSCy Schubertpush @tests, {
78*e0c4386eSCy Schubert    "name" => "sni-session-ticket",
79*e0c4386eSCy Schubert    "client" => {
80*e0c4386eSCy Schubert        "MaxProtocol" => "TLSv1.2",
81*e0c4386eSCy Schubert        "Options" => "SessionTicket",
82*e0c4386eSCy Schubert        "extra" => {
83*e0c4386eSCy Schubert            "ServerName" => "server1",
84*e0c4386eSCy Schubert        }
85*e0c4386eSCy Schubert    },
86*e0c4386eSCy Schubert    "server" => {
87*e0c4386eSCy Schubert        "Options" => "SessionTicket",
88*e0c4386eSCy Schubert        "extra" => {
89*e0c4386eSCy Schubert              "BrokenSessionTicket" => "Yes",
90*e0c4386eSCy Schubert        },
91*e0c4386eSCy Schubert    },
92*e0c4386eSCy Schubert    "server2" => {
93*e0c4386eSCy Schubert        "Options" => "SessionTicket",
94*e0c4386eSCy Schubert    },
95*e0c4386eSCy Schubert    "test" => {
96*e0c4386eSCy Schubert        "ExpectedResult" => "Success",
97*e0c4386eSCy Schubert        "SessionTicketExpected" => "No",
98*e0c4386eSCy Schubert    }
99*e0c4386eSCy Schubert};
100*e0c4386eSCy Schubert
101*e0c4386eSCy Schubertgenerate_tests();
102