Improve test coverage for server_name extension.

Notably, this would have caught ed8270a55c
(although, apart from staring at code coverage, knowing to set resumeSession on
the server test isn't exactly obvious). Perhaps we should systematically set it
on all extension server tests; ClientHello extension parsing happens after
resumption has been determined and is often sensitive to it.

Change-Id: Ie83f294a26881a6a41969e9dbd102d0a93cb68b5
Reviewed-on: https://boringssl-review.googlesource.com/1750
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 2014-09-06 12:45:15 -04:00 committed by Adam Langley
parent 594a58e078
commit e78bfded9f
6 changed files with 80 additions and 30 deletions


@ -336,6 +336,9 @@ static int do_exchange(SSL_SESSION **out_session,
} }
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
} }
if (!config->host_name.empty()) {
SSL_set_tlsext_host_name(ssl, config->host_name.c_str());
}
BIO *bio = BIO_new_fd(fd, 1 /* take ownership */); BIO *bio = BIO_new_fd(fd, 1 /* take ownership */);
if (bio == NULL) { if (bio == NULL) {
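Review bot: The return value of `SSL_set_tlsext_host_name` on the added line is ignored; in OpenSSL-derived code it returns 0 when the name cannot be stored (an over-long name or an allocation failure), and the shim would then carry on without sending server_name at all. A run that was asked for -host-name should fail right where the setup fails instead of later with a misleading peer-side "unexpected server name", so I would write `if (!SSL_set_tlsext_host_name(ssl, config->host_name.c_str())) {` and take the same failure path the rest of do_exchange uses for setup errors. do_exchange starts and ends outside this hunk, so I cannot see which cleanup that path has to perform.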


@ -449,6 +449,10 @@ type ProtocolBugs struct {
// SkipCipherVersionCheck causes the server to negotiate // SkipCipherVersionCheck causes the server to negotiate
// TLS 1.2 ciphers in earlier versions of TLS. // TLS 1.2 ciphers in earlier versions of TLS.
SkipCipherVersionCheck bool SkipCipherVersionCheck bool
// ExpectServerName, if not empty, is the hostname the client
// must specify in the server_name extension.
ExpectServerName string
} }
func (c *Config) serverInit() { func (c *Config) serverInit() {
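Review bot: The comment on ExpectServerName understates the check it drives: the server compares the expected name against whatever serverName it parsed, so an absent extension (empty string) fails too, which is exactly what the missing-name runner case relies on. I would extend it to `// ExpectServerName, if not empty, is the hostname the client must specify in the server_name extension. The handshake is rejected if the extension is absent or names a different host.` so a reader of ProtocolBugs knows the field doubles as a presence check. ProtocolBugs is only partially visible here; its remaining fields are outside the hunk.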


@ -237,6 +237,9 @@ Curves:
if len(hs.clientHello.serverName) > 0 { if len(hs.clientHello.serverName) > 0 {
hs.cert = config.getCertificateForName(hs.clientHello.serverName) hs.cert = config.getCertificateForName(hs.clientHello.serverName)
} }
if expected := c.config.Bugs.ExpectServerName; expected != "" && expected != hs.clientHello.serverName {
return false, errors.New("tls: unexpected server name")
}
if hs.clientHello.channelIDSupported && config.RequestChannelID { if hs.clientHello.channelIDSupported && config.RequestChannelID {
hs.hello.channelIDRequested = true hs.hello.channelIDRequested = true
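Review bot: The added check reads `c.config.Bugs.ExpectServerName` while the lines around it use the local `config` (`config.getCertificateForName`, `config.RequestChannelID`); `config.Bugs.ExpectServerName` keeps the hunk consistent and avoids implying the two differ. The error also discards both values, so a failing run only reports "unexpected server name"; `return false, fmt.Errorf("tls: unexpected server name %q, expected %q", hs.clientHello.serverName, expected)` would make the mismatch diagnosable, provided fmt is imported and the runner matches expectedLocalError by substring — neither is visible from this hunk. The enclosing handshake function starts and ends outside the hunk.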


@ -201,36 +201,6 @@ var testCases = []testCase{
}, },
flags: []string{"-fallback-scsv"}, flags: []string{"-fallback-scsv"},
}, },
{
testType: serverTest,
name: "ServerNameExtension",
config: Config{
ServerName: "example.com",
},
flags: []string{"-expect-server-name", "example.com"},
},
{
testType: clientTest,
name: "DuplicateExtensionClient",
config: Config{
Bugs: ProtocolBugs{
DuplicateExtension: true,
},
},
shouldFail: true,
expectedLocalError: "remote error: error decoding message",
},
{
testType: serverTest,
name: "DuplicateExtensionServer",
config: Config{
Bugs: ProtocolBugs{
DuplicateExtension: true,
},
},
shouldFail: true,
expectedLocalError: "remote error: error decoding message",
},
{ {
name: "ClientCertificateTypes", name: "ClientCertificateTypes",
config: Config{ config: Config{
@ -1372,6 +1342,73 @@ func addD5BugTests() {
}) })
} }
func addExtensionTests() {
testCases = append(testCases, testCase{
testType: clientTest,
name: "DuplicateExtensionClient",
config: Config{
Bugs: ProtocolBugs{
DuplicateExtension: true,
},
},
shouldFail: true,
expectedLocalError: "remote error: error decoding message",
})
testCases = append(testCases, testCase{
testType: serverTest,
name: "DuplicateExtensionServer",
config: Config{
Bugs: ProtocolBugs{
DuplicateExtension: true,
},
},
shouldFail: true,
expectedLocalError: "remote error: error decoding message",
})
testCases = append(testCases, testCase{
testType: clientTest,
name: "ServerNameExtensionClient",
config: Config{
Bugs: ProtocolBugs{
ExpectServerName: "example.com",
},
},
flags: []string{"-host-name", "example.com"},
})
testCases = append(testCases, testCase{
testType: clientTest,
name: "ServerNameExtensionClient",
config: Config{
Bugs: ProtocolBugs{
ExpectServerName: "mismatch.com",
},
},
flags: []string{"-host-name", "example.com"},
shouldFail: true,
expectedLocalError: "tls: unexpected server name",
})
testCases = append(testCases, testCase{
testType: clientTest,
name: "ServerNameExtensionClient",
config: Config{
Bugs: ProtocolBugs{
ExpectServerName: "missing.com",
},
},
shouldFail: true,
expectedLocalError: "tls: unexpected server name",
})
testCases = append(testCases, testCase{
testType: serverTest,
name: "ServerNameExtensionServer",
config: Config{
ServerName: "example.com",
},
flags: []string{"-expect-server-name", "example.com"},
resumeSession: true,
})
}
func worker(statusChan chan statusMsg, c chan *testCase, buildDir string, wg *sync.WaitGroup) { func worker(statusChan chan statusMsg, c chan *testCase, buildDir string, wg *sync.WaitGroup) {
defer wg.Done() defer wg.Done()
@ -1425,6 +1462,7 @@ func main() {
addClientAuthTests() addClientAuthTests()
addVersionNegotiationTests() addVersionNegotiationTests()
addD5BugTests() addD5BugTests()
addExtensionTests()
for _, async := range []bool{false, true} { for _, async := range []bool{false, true} {
for _, splitHandshake := range []bool{false, true} { for _, splitHandshake := range []bool{false, true} {
for _, protocol := range []protocol{tls, dtls} { for _, protocol := range []protocol{tls, dtls} {
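Review bot: Three of the new client cases in addExtensionTests share the name "ServerNameExtensionClient" (the matching, mismatching and missing-name variants), so a failure report cannot say which one broke and any name-based test selection in the runner will pick up all three. I would rename the second and third to `name: "ServerNameExtensionClientMismatch",` and `name: "ServerNameExtensionClientMissing",`. The mismatch and missing cases also pin the exact Go-side string "tls: unexpected server name", so any later change to that error message in handshake_server.go has to be mirrored here.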


@ -67,6 +67,7 @@ const StringFlag kStringFlags[] = {
{ "-expect-next-proto", &TestConfig::expected_next_proto }, { "-expect-next-proto", &TestConfig::expected_next_proto },
{ "-select-next-proto", &TestConfig::select_next_proto }, { "-select-next-proto", &TestConfig::select_next_proto },
{ "-send-channel-id", &TestConfig::send_channel_id }, { "-send-channel-id", &TestConfig::send_channel_id },
{ "-host-name", &TestConfig::host_name },
}; };
const size_t kNumStringFlags = sizeof(kStringFlags) / sizeof(kStringFlags[0]); const size_t kNumStringFlags = sizeof(kStringFlags) / sizeof(kStringFlags[0]);


@ -47,6 +47,7 @@ struct TestConfig {
std::string send_channel_id; std::string send_channel_id;
bool shim_writes_first; bool shim_writes_first;
bool tls_d5_bug; bool tls_d5_bug;
std::string host_name;
}; };
bool ParseConfig(int argc, char **argv, TestConfig *out_config); bool ParseConfig(int argc, char **argv, TestConfig *out_config);