diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 606e8a874..7048f4dd5 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -367,6 +367,8 @@ static int ssl_parse_servername_ext( ssl_context *ssl,
 size_t servername_list_size, hostname_len;
 const unsigned char *p;
+ SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
+
 servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
 if( servername_list_size + 2 != len )
 {
@@ -389,6 +391,7 @@ static int ssl_parse_servername_ext( ssl_context *ssl,
 ret = ssl_sni_wrapper( ssl, p + 3, hostname_len );
 if( ret != 0 )
 {
+ SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret );
 ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
 SSL_ALERT_MSG_UNRECOGNIZED_NAME );
 return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 28ed04886..d24fa0b98 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -48,10 +48,10 @@ run_test() {
 shift
 # run the commands
- $SRV_CMD $1 > srv_out &
+ $SHELL -c "$SRV_CMD $1" > srv_out &
 SRV_PID=$!
 sleep 1
- $CLI_CMD $2 > cli_out
+ $SHELL -c "$CLI_CMD $2" > cli_out
 CLI_EXIT=$?
 echo SERVERQUIT | openssl s_client -no_ticket \
 -cert data_files/cli2.crt -key data_files/cli2.key \ 
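Review bot: The new level-3 trace is emitted before any length validation, and the context lines that follow read `buf[0]` and `buf[1]` first and only afterwards compare `servername_list_size + 2` against `len`, so a `len` below 2 would have both length bytes read before the mismatch is detected. Whether the caller already guarantees `len >= 2` is not visible from this hunk; if it does not, an explicit guard right after the trace, `if( len < 2 ) return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );` (sending the same alert the mismatch branch below sends), would make the function safe on its own. ssl_parse_servername_ext begins and ends outside the hunk.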
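Review bot: `$SHELL -c "$SRV_CMD $1"` runs the test commands under the invoking user's login shell rather than the shell executing this script, so a user whose `SHELL` is csh, fish or unset gets a parse failure or an empty command even though the harness itself is a POSIX script. Using `sh -c "$SRV_CMD $1"` (or `eval "$SRV_CMD $1"`) keeps the re-parse, which is what lets quoted arguments such as `sni='...'` and `server_name='PolarSSL Server 1'` in the new tests survive as single words, while pinning the interpreter. A one-line comment above the two changed lines, e.g. `# re-parse through a shell so quoted arguments containing spaces stay single words`, would also record why the indirection exists.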
@@ -461,6 +461,53 @@ run_test "Authentication #6 (client badcert, server none)" \
 -C "! ssl_handshake returned" \
 -S "X509 - Certificate verification failed"
+# tests for SNI
+
+run_test "SNI #0 (no SNI callback)" \
+ "debug_level=4 server_addr=127.0.0.1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "debug_level=0 server_addr=127.0.0.1 \
+ server_name=localhost" \
+ 0 \
+ -S "parse ServerName extension" \
+ -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
+ -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
+
+run_test "SNI #1 (matching cert 1)" \
+ "debug_level=4 server_addr=127.0.0.1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
+ "debug_level=0 server_addr=127.0.0.1 \
+ server_name=localhost" \
+ 0 \
+ -s "parse ServerName extension" \
+ -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
+ -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
+
+run_test "SNI #2 (matching cert 2)" \
+ "debug_level=4 server_addr=127.0.0.1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
+ "debug_level=0 server_addr=127.0.0.1 \
+ server_name='PolarSSL Server 1'" \
+ 0 \
+ -s "parse ServerName extension" \
+ -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
+ -c "subject name *: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
+
+run_test "SNI #3 (no matching cert)" \
+ "debug_level=4 server_addr=127.0.0.1 \
+ crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ sni='localhost,data_files/server2.crt,data_files/server2.key,PolarSSL Server 1,data_files/server1.crt,data_files/server1.key'" \
+ "debug_level=0 server_addr=127.0.0.1 \
+ server_name='PolarSSL Server 2'" \
+ 1 \
+ -s "parse ServerName extension" \
+ -s 
"ssl_sni_wrapper() returned" \
+ -s "ssl_handshake returned" \
+ -c "ssl_handshake returned" \
+ -c "SSL - A fatal alert message was received from our peer"
+
 # Final report
 echo "------------------------------------------------------------------------"
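Review bot: The new block's only comment is `# tests for SNI`, which leaves the reader to infer from the expected issuer lines why a server started with the same `crt_file=data_files/server5.crt` answers with different certificates; the fixture deserves a sentence above `SNI #0`, e.g. `# server5 is the default cert (issuer "Polarssl Test EC CA"); the sni= list maps localhost -> server2 and "PolarSSL Server 1" -> server1 (both issuer "PolarSSL Test CA"), so the issuer line in the client output shows which cert the callback picked`. Coverage-wise, the four cases exercise no-callback, two matches and a mismatch, but not a client that sends no ServerName extension at all against a server with `sni=` configured, where the default cert should be served; if ssl_client2 can suppress the extension, that is worth a fifth case. The `-s "ssl_sni_wrapper() returned"` assertion in SNI #3 ties the test to the exact SSL_DEBUG_RET output format, which is acceptable only as long as that format is treated as stable.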