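#!/bin/sh
#
# Test --sni-nomatch-abort
#
# With sni-nomatch-abort = on, a ClientHello whose SNI name matches none
# of the loaded certificates must be rejected with an "unrecognized name"
# alert instead of silently falling back to the default certificate.
# The second frontend turns the option off again, so there an unknown
# name is served the frontend's own certificate (site3). Connections
# sent without SNI are expected to be unaffected either way.
#
# Relies on hitch_test.sh for LISTENPORT, CERTSDIR, start_hitch,
# s_client, subject_field_eq, run_cmd and curl_hitch.

. hitch_test.sh

# Second listener for the per-frontend override. $(( )) is POSIX and
# avoids the extra fork and unquoted expansion of expr.
PORT2=$((LISTENPORT + 701))

cat >hitch.cfg <<EOF
sni-nomatch-abort = on

pem-file = "${CERTSDIR}/site1.example.com"
pem-file = "${CERTSDIR}/site2.example.com"
pem-file = "${CERTSDIR}/default.example.com"

backend = "[hitch-tls.org]:80"

frontend = {
  host = "localhost"
  port = "$LISTENPORT"
}

frontend = {
  host = "localhost"
  port = "$PORT2"
  pem-file = "${CERTSDIR}/site3.example.com"
  sni-nomatch-abort = off
}
EOF

start_hitch --config=hitch.cfg

# Only some openssl versions know -noservername; without it s_client may
# send an SNI extension on its own, so probe the help text first.
if openssl s_client -help 2>&1 | grep -q -e -noservername; then
  NOSNI="-noservername"
else
  NOSNI=""
fi

# No SNI - should not be affected: the default certificate is served.
# $NOSNI is deliberately left unquoted so an empty value contributes
# no argument at all.
# shellcheck disable=SC2086
s_client -connect "localhost:$LISTENPORT" $NOSNI >no-sni.dump
subject_field_eq CN "default.example.com" no-sni.dump

# SNI request w/ valid servername
s_client -servername site1.example.com \
  -connect "localhost:$LISTENPORT" >valid-sni.dump
subject_field_eq CN "site1.example.com" valid-sni.dump

# SNI w/ unknown servername: the handshake must fail, and the failure
# must be the unrecognized_name alert rather than some other error.
! s_client -servername invalid.example.com \
  -connect "localhost:$LISTENPORT" >unknown-sni.dump
run_cmd grep 'unrecognized name' unknown-sni.dump

# SNI request w/ valid servername on the second frontend: the
# frontend's own certificate (site3) is expected even though a
# site1 certificate is loaded globally.
s_client -servername site1.example.com \
  -connect "localhost:$PORT2" >valid-sni-2.dump
subject_field_eq CN "site3.example.com" valid-sni-2.dump

# SNI w/ unknown servername: sni-nomatch-abort is off on this frontend,
# so the connection must succeed with the frontend's certificate.
s_client -servername invalid.example.com \
  -connect "localhost:$PORT2" >unknown-sni-2.dump
subject_field_eq CN "site3.example.com" unknown-sni-2.dump

# Ancient curl versions may not support --resolve
# This would skip this test, keep it last
curl_hitch \
  --resolve "site1.example.com:$LISTENPORT:127.0.0.1" \
  -- "https://site1.example.com:$LISTENPORT/"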