Test setting session ID context in early or SNI callback.

The former has always worked. The latter is new to the revised processing order. Change-Id: I993d29ccaca091725524847695df4d1944b609cf Reviewed-on: https://boringssl-review.googlesource.com/11848 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
2016-10-28 00:10:03 -04:00 · 2016-10-28 00:10:03 -04:00 · a933c38f1a
commit a933c38f1a
parent f01f42a2ce
1 changed files with 54 additions and 0 deletions
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@ -2032,6 +2032,27 @@ static bssl::UniquePtr<SSL_SESSION> ExpectSessionRenewed(SSL_CTX *client_ctx,
  return std::move(g_last_session);
 }

+static int SwitchSessionIDContextSNI(SSL *ssl, int *out_alert, void *arg) {
+  static const uint8_t kContext[] = {3};
+
+  if (!SSL_set_session_id_context(ssl, kContext, sizeof(kContext))) {
+    return SSL_TLSEXT_ERR_ALERT_FATAL;
+  }
+
+  return SSL_TLSEXT_ERR_OK;
+}
+
+static int SwitchSessionIDContextEarly(
+    const struct ssl_early_callback_ctx *ctx) {
+  static const uint8_t kContext[] = {3};
+
+  if (!SSL_set_session_id_context(ctx->ssl, kContext, sizeof(kContext))) {
+    return -1;
+  }
+
+  return 1;
+}
+
 static bool TestSessionIDContext() {
  bssl::UniquePtr<X509> cert = GetTestCertificate();
  bssl::UniquePtr<EVP_PKEY> key = GetTestKey();
@ -2086,6 +2107,39 @@ static bool TestSessionIDContext() {
              version);
      return false;
    }
+
+    // Change the session ID context back and install an SNI callback to switch
+    // it.
+    if (!SSL_CTX_set_session_id_context(server_ctx.get(), kContext1,
+                                        sizeof(kContext1))) {
+      return false;
+    }
+
+    SSL_CTX_set_tlsext_servername_callback(server_ctx.get(),
+                                           SwitchSessionIDContextSNI);
+
+    if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
+                             false /* expect session not reused */)) {
+      fprintf(
+          stderr,
+          "Error connection with different context (version = %04x, SNI).\n",
+          version);
+      return false;
+    }
+
+    // Switch the session ID context with the early callback instead.
+    SSL_CTX_set_tlsext_servername_callback(server_ctx.get(), nullptr);
+    SSL_CTX_set_select_certificate_cb(server_ctx.get(),
+                                      SwitchSessionIDContextEarly);
+
+    if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(), session.get(),
+                             false /* expect session not reused */)) {
+      fprintf(
+          stderr,
+          "Error connection with different context (version = %04x, early).\n",
+          version);
+      return false;
+    }
  }

  return true;