Fix SNI test failure
Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
parent
9b2b7716b0
commit
f2a942073e
2 changed files with 60 additions and 6 deletions
|
@ -8247,7 +8247,7 @@ int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Parse ServerName extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
|
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
|
||||||
server_name_list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
|
server_name_list_len = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||||
|
@ -8264,11 +8264,15 @@ int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME )
|
if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME )
|
||||||
{
|
{
|
||||||
|
ssl->handshake->sni_name = p + 3;
|
||||||
|
ssl->handshake->sni_name_len = hostname_len;
|
||||||
|
if( ssl->conf->f_sni == NULL )
|
||||||
|
return( 0 );
|
||||||
ret = ssl->conf->f_sni( ssl->conf->p_sni,
|
ret = ssl->conf->f_sni( ssl->conf->p_sni,
|
||||||
ssl, p + 3, hostname_len );
|
ssl, p + 3, hostname_len );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "sni_wrapper", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret );
|
||||||
mbedtls_ssl_send_alert_message(
|
mbedtls_ssl_send_alert_message(
|
||||||
ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME );
|
MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME );
|
||||||
|
|
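Review bot: `ssl->handshake->sni_name = p + 3;` stores a pointer into the buffer being parsed rather than a copy, and nothing visible in this section says how long that pointer stays valid or where it is cleared. If the handshake structure is read after the ClientHello bytes have been replaced in the input buffer, `sni_name`/`sni_name_len` would describe stale or unrelated data. The lifetime should therefore be stated at the assignment, e.g. `/* sni_name points into the ClientHello buffer; valid only while the ClientHello is being parsed */`, and the field reset before parsing ends if that is not already done elsewhere. The new `if( ssl->conf->f_sni == NULL ) return( 0 );` also returns at the first host_name entry; if this sits inside a loop over the name list (not visible here), a short comment saying the early exit is intended would help. The body of `mbedtls_ssl_parse_server_name_ext` starts and ends outside the visible hunks.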
|
@ -11399,6 +11399,53 @@ run_test "TLS 1.3: Server side check, no server certificate available" \
|
||||||
-s "No certificate available."
|
-s "No certificate available."
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||||
|
requires_config_enabled MBEDTLS_DEBUG_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||||
|
run_test "TLS 1.3: Server side check - openssl with server name indication" \
|
||||||
|
"$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \
|
||||||
|
sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
|
||||||
|
"$O_NEXT_CLI -msg -debug -servername localhost -CAfile data_files/test-ca_cat12.crt -cert data_files/server5.crt -key data_files/server5.key -tls1_3" \
|
||||||
|
0 \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
|
||||||
|
-s "parse ServerName extension" \
|
||||||
|
-s "=> parse client hello" \
|
||||||
|
-s "<= parse client hello"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||||
|
requires_config_enabled MBEDTLS_DEBUG_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||||
|
run_test "TLS 1.3: Server side check - gnutls with server name indication" \
|
||||||
|
"$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \
|
||||||
|
sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
|
||||||
|
"$G_NEXT_CLI localhost -d 4 --sni-hostname=localhost --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS -V" \
|
||||||
|
0 \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
|
||||||
|
-s "parse ServerName extension" \
|
||||||
|
-s "=> parse client hello" \
|
||||||
|
-s "<= parse client hello"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
|
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
|
||||||
requires_config_enabled MBEDTLS_DEBUG_C
|
requires_config_enabled MBEDTLS_DEBUG_C
|
||||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||||
requires_config_enabled MBEDTLS_SSL_CLI_C
|
requires_config_enabled MBEDTLS_SSL_CLI_C
|
||||||
|
@ -11407,14 +11454,17 @@ run_test "TLS 1.3: Server side check - mbedtls with server name indication" \
|
||||||
sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
|
sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
|
||||||
"$P_CLI debug_level=4 server_name=localhost crt_file=data_files/server5.crt key_file=data_files/server5.key \
|
"$P_CLI debug_level=4 server_name=localhost crt_file=data_files/server5.crt key_file=data_files/server5.key \
|
||||||
force_version=tls13" \
|
force_version=tls13" \
|
||||||
1 \
|
0 \
|
||||||
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
|
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
|
||||||
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
|
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
|
||||||
-s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
|
-s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
|
||||||
-s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
|
-s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
|
||||||
-c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
|
-s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
|
||||||
-s "Parse ServerName extension" \
|
-s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
|
||||||
-s "SSL - The requested feature is not available" \
|
-s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \
|
||||||
|
-s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
|
||||||
|
-s "parse ServerName extension" \
|
||||||
-s "=> parse client hello" \
|
-s "=> parse client hello" \
|
||||||
-s "<= parse client hello"
|
-s "<= parse client hello"
|
||||||
|
|
||||||
|
|
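Review bot: The SNI tests in this section (the added openssl and gnutls cases, and the mbedtls case whose expected exit changes from 1 to 0) only assert that the server logged `parse ServerName extension` and stepped through the handshake states. None of them checks that the certificate chosen through `sni=localhost,...` is the one actually sent. As written they would likely still pass if the server ignored the SNI match and served the default `crt_file=data_files/server5.crt`. Consider adding a `-c` pattern that pins the subject or issuer of the certificate the client received. A negative case would also help: the client requests a name absent from the `sni=` list and the test expects a non-zero exit with the unrecognized-name alert.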