From 141e470947327e0c4e8ef3c299b42d01064c484c Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 11 Oct 2017 14:42:25 +0100 Subject: [PATCH] Add a test for setting initial SNI in CH but not using it with early_data Test for the bug where early_data is not accepted by the server when it does not have an SNI callback set up, but the client sent a servername in the initial ClientHello establishing the session. Reviewed-by: Rich Salz Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/4519) --- test/sslapitest.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/test/sslapitest.c b/test/sslapitest.c index 5299d5794b..c1137b08a5 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1507,6 +1507,16 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, NULL, NULL))) return 0; + /* + * For one of the run throughs (doesn't matter which one), we'll try sending + * some SNI data in the initial ClientHello. This will be ignored (because + * there is no SNI cb set up by the server), so it should not impact + * early_data. + */ + if (idx == 1 + && !TEST_true(SSL_set_tlsext_host_name(*clientssl, "localhost"))) + return 0; + if (idx == 2) { /* Create the PSK */ const SSL_CIPHER *cipher = NULL; -- 2.25.1