/*
 * Runs a full client/server handshake through test_wolfSSL_client_server()
 * for each SNI configuration in the table below.
 *
 * The table is consumed two entries at a time: the even entry receives the
 * client method and the odd entry the server method just before the pair is
 * run.  Every initializer leaves its first slot 0 and the loop assigns
 * .method afterwards.  Going by the helper names placed in them, the other
 * three slots are a ctx-level setup hook, an ssl-level setup hook and a
 * result verifier -- presumably ctx_ready / ssl_ready / on_result; confirm
 * against the callback_functions declaration.
 *
 * Expectations encoded by the verifier names (the helpers are defined
 * elsewhere, so read these as assumptions to confirm):
 *   - the default policy is fail-closed: a server name the server does not
 *     serve ends in a fatal error on the client and an unknown-SNI result on
 *     the server;
 *   - "continue" and "fake answer" are opt-in relaxations of that default;
 *   - "mandatory" SNI aborts when the client sends no SNI at all, and the last
 *     two pairs pin the ways that requirement can be relaxed.
 */
static void test_wolfSSL_UseSNI_connection(void)
{
    callback_functions callbacks[] = {
        /* success case at ctx */
        {0, use_SNI_at_ctx, 0, 0},
        {0, use_SNI_at_ctx, 0, verify_SNI_real_matching},

        /* success case at ssl */
        {0, 0, use_SNI_at_ssl, 0},
        {0, 0, use_SNI_at_ssl, verify_SNI_real_matching},

        /* default mismatch behavior: both sides are expected to fail */
        {0, 0, different_SNI_at_ssl, verify_FATAL_ERROR_on_client},
        {0, 0, use_SNI_at_ssl,       verify_UNKNOWN_SNI_on_server},

        /* continue on mismatch */
        {0, 0, different_SNI_at_ssl,         0},
        {0, 0, use_SNI_WITH_CONTINUE_at_ssl, verify_SNI_no_matching},

        /* fake answer on mismatch */
        {0, 0, different_SNI_at_ssl,            0},
        {0, 0, use_SNI_WITH_FAKE_ANSWER_at_ssl, verify_SNI_fake_matching},

        /* sni abort - success */
        {0, use_SNI_at_ctx,           0, 0},
        {0, use_MANDATORY_SNI_at_ctx, 0, verify_SNI_real_matching},

        /* sni abort - abort when absent (ctx) */
        {0, 0,                        0, verify_FATAL_ERROR_on_client},
        {0, use_MANDATORY_SNI_at_ctx, 0, verify_SNI_ABSENT_on_server},

        /* sni abort - abort when absent (ssl) */
        {0, 0, 0,                        verify_FATAL_ERROR_on_client},
        {0, 0, use_MANDATORY_SNI_at_ssl, verify_SNI_ABSENT_on_server},

        /*
         * sni abort - success when overwritten
         * NOTE(review): the client configures no SNI here, yet the case is
         * labelled a success -- it looks like the ssl-level setup replaces the
         * ctx-level mandatory setting.  Confirm that this override is intended
         * behavior and not a way to lose the mandatory policy by accident.
         */
        {0, 0, 0, 0},
        {0, use_MANDATORY_SNI_at_ctx, use_SNI_at_ssl, verify_SNI_no_matching},

        /* sni abort - success when allowing mismatches */
        {0, 0, different_SNI_at_ssl, 0},
        {0, use_PSEUDO_MANDATORY_SNI_at_ctx, 0, verify_SNI_fake_matching},
    };
    unsigned long idx;

    /* The table must keep an even number of entries: idx + 1 is always read. */
    for (idx = 0; idx < sizeof(callbacks) / sizeof(callbacks[0]); idx += 2) {
        callback_functions *client = &callbacks[idx];
        callback_functions *server = &callbacks[idx + 1];

        client->method = wolfSSLv23_client_method;
        server->method = wolfSSLv23_server_method;

        test_wolfSSL_client_server(client, server);
    }
}
/*
 * Runs a full client/server handshake through test_wolfSSL_client_server()
 * for each ALPN configuration in the table below.
 *
 * Entries are consumed in pairs (even index: client, odd index: server); the
 * loop assigns .method to both before running the pair.  Only the third and
 * fourth initializer slots are used here -- by the helper names, an ssl-level
 * setup hook and a result verifier (presumably ssl_ready / on_result; confirm
 * against the callback_functions declaration).
 *
 * What the pairs pin down, going by the verifier names (helpers are defined
 * elsewhere, so read these as assumptions to confirm):
 *   - when both sides share protocols, one specific protocol is selected;
 *   - a side that was set up with the "continue" option survives a mismatch;
 *   - without that option a mismatch is expected to end in a fatal error,
 *     i.e. the default is fail-closed.
 */
static void test_wolfSSL_UseALPN_connection(void)
{
    callback_functions callbacks[] = {
        /* success case same list */
        {0, 0, use_ALPN_all, 0},
        {0, 0, use_ALPN_all, verify_ALPN_matching_http1},

        /* success case only one for server */
        {0, 0, use_ALPN_all, 0},
        {0, 0, use_ALPN_one, verify_ALPN_matching_spdy2},

        /* success case only one for client */
        {0, 0, use_ALPN_one, 0},
        {0, 0, use_ALPN_all, verify_ALPN_matching_spdy2},

        /* success case none for client */
        {0, 0, 0,            0},
        {0, 0, use_ALPN_all, 0},

        /* success case mismatch behavior but option 'continue' set */
        {0, 0, use_ALPN_all_continue,     verify_ALPN_not_matching_continue},
        {0, 0, use_ALPN_unknown_continue, 0},

        /* mismatch behavior with same list:
         * the first and only this one must be taken */
        {0, 0, use_ALPN_all, 0},
        {0, 0, use_ALPN_all, verify_ALPN_not_matching_spdy3},

        /*
         * default mismatch behavior
         * NOTE(review): the verifier named "..._on_client" sits in the odd
         * (server) entry of this pair -- confirm that is the side intended to
         * be checked.
         */
        {0, 0, use_ALPN_all,     0},
        {0, 0, use_ALPN_unknown, verify_ALPN_FATAL_ERROR_on_client},
    };
    unsigned long idx;

    /* The table must keep an even number of entries: idx + 1 is always read. */
    for (idx = 0; idx < sizeof(callbacks) / sizeof(callbacks[0]); idx += 2) {
        callback_functions *client = &callbacks[idx];
        callback_functions *server = &callbacks[idx + 1];

        client->method = wolfSSLv23_client_method;
        server->method = wolfSSLv23_server_method;

        test_wolfSSL_client_server(client, server);
    }
}
/*
 * SNI API test, compiled to an empty body unless HAVE_SNI is defined.
 *
 * Part 1 checks argument validation of wolfSSL_CTX_UseSNI() and
 * wolfSSL_UseSNI(): a NULL ctx/ssl, a type of -1 and a NULL name buffer must
 * all be rejected (anything other than SSL_SUCCESS), while type 0 with a real
 * buffer must succeed.  Type 0 is host_name in the RFC 6066 NameType registry.
 *
 * Part 2 reuses a single client/server callback pair and mutates it between
 * handshakes, so each scenario inherits whatever the previous one left set.
 * The statement order is therefore significant.
 */
static void test_wolfSSL_UseSNI(void)
{
#ifdef HAVE_SNI
    callback_functions client_cbs = {wolfSSLv23_client_method, 0, 0, 0};
    callback_functions server_cbs = {wolfSSLv23_server_method, 0, 0, 0};

    /*
     * NOTE(review): wolfSSL_new() is reached before ctx is asserted non-NULL,
     * so this relies on wolfSSL_new() tolerating a NULL ctx -- confirm.
     */
    WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    WOLFSSL     *ssl = wolfSSL_new(ctx);

    AssertNotNull(ctx);
    AssertNotNull(ssl);

    /* error cases: NULL object */
    AssertIntNE(SSL_SUCCESS,
            wolfSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx")));
    AssertIntNE(SSL_SUCCESS,
            wolfSSL_UseSNI(    NULL, 0, (void *) "ssl", XSTRLEN("ssl")));

    /* error cases: invalid name type */
    AssertIntNE(SSL_SUCCESS,
            wolfSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx")));
    AssertIntNE(SSL_SUCCESS,
            wolfSSL_UseSNI(    ssl, -1, (void *) "ssl", XSTRLEN("ssl")));

    /* error cases: NULL name buffer paired with a non-zero length */
    AssertIntNE(SSL_SUCCESS,
            wolfSSL_CTX_UseSNI(ctx, 0, (void *) NULL, XSTRLEN("ctx")));
    AssertIntNE(SSL_SUCCESS,
            wolfSSL_UseSNI(    ssl, 0, (void *) NULL, XSTRLEN("ssl")));

    /* success case */
    AssertIntEQ(SSL_SUCCESS,
            wolfSSL_CTX_UseSNI(ctx, 0, (void *) "ctx", XSTRLEN("ctx")));
    AssertIntEQ(SSL_SUCCESS,
            wolfSSL_UseSNI(    ssl, 0, (void *) "ssl", XSTRLEN("ssl")));

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);

    /* Testing success case at ctx */
    server_cbs.ctx_ready = use_SNI_at_ctx;
    client_cbs.ctx_ready = use_SNI_at_ctx;
    server_cbs.on_result = verify_SNI_real_matching;

    test_wolfSSL_client_server(&client_cbs, &server_cbs);

    /* Testing success case at ssl (server on_result is carried over) */
    server_cbs.ctx_ready = NULL;
    client_cbs.ctx_ready = NULL;
    server_cbs.ssl_ready = use_SNI_at_ssl;
    client_cbs.ssl_ready = use_SNI_at_ssl;

    test_wolfSSL_client_server(&client_cbs, &server_cbs);

    /* Testing default mismatch behaviour: both sides verify the abort */
    client_cbs.ssl_ready = different_SNI_at_ssl;
    client_cbs.on_result = verify_SNI_abort_on_client;
    server_cbs.on_result = verify_SNI_abort_on_server;

    test_wolfSSL_client_server(&client_cbs, &server_cbs);

    /* Drop the client-side abort check so it does not leak into later runs. */
    client_cbs.on_result = NULL;

    /* Testing continue on mismatch */
    client_cbs.ssl_ready = different_SNI_at_ssl;
    server_cbs.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl;
    server_cbs.on_result = verify_SNI_no_matching;

    test_wolfSSL_client_server(&client_cbs, &server_cbs);

    /* Testing fake answer on mismatch (client still sends the other name) */
    server_cbs.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl;
    server_cbs.on_result = verify_SNI_fake_matching;

    test_wolfSSL_client_server(&client_cbs, &server_cbs);

    test_wolfSSL_SNI_GetFromBuffer();
#endif
}