[thirdparty/openssl.git] / test / ssl_test_ctx_test.c

/*
 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Ideally, CONF should offer standard parsing methods and cover them
 * in tests. But since we have no CONF tests, we use a custom test for now.
 */

#include <stdio.h>
#include <string.h>

#include "e_os.h"
#include "ssl_test_ctx.h"
#include "testutil.h"
#include "test_main_custom.h"
#include <openssl/e_os2.h>
#include <openssl/err.h>
#include <openssl/conf.h>
#include <openssl/ssl.h>

static CONF *conf = NULL;

typedef struct ssl_test_ctx_test_fixture {
    const char *test_case_name;
    const char *test_section;
    /* Expected parsed configuration. */
    SSL_TEST_CTX *expected_ctx;
} SSL_TEST_CTX_TEST_FIXTURE;


static int SSL_TEST_CLIENT_CONF_equal(SSL_TEST_CLIENT_CONF *client,
                                      SSL_TEST_CLIENT_CONF *client2)
{
    if (client->verify_callback != client2->verify_callback) {
        fprintf(stderr, "ClientVerifyCallback mismatch: %s vs %s.\n",
                ssl_verify_callback_name(client->verify_callback),
                ssl_verify_callback_name(client2->verify_callback));
        return 0;
    }
    if (client->servername != client2->servername) {
        fprintf(stderr, "ServerName mismatch: %s vs %s.\n",
                ssl_servername_name(client->servername),
                ssl_servername_name(client2->servername));
        return 0;
    }
    if (!strings_equal("Client NPNProtocols", client->npn_protocols,
                       client2->npn_protocols))
        return 0;
    if (!strings_equal("Client ALPNProtocols", client->alpn_protocols,
                       client2->alpn_protocols))
        return 0;
    if (client->ct_validation != client2->ct_validation) {
        fprintf(stderr, "CTValidation mismatch: %s vs %s.\n",
                ssl_ct_validation_name(client->ct_validation),
                ssl_ct_validation_name(client2->ct_validation));
        return 0;
    }
    return 1;
}

static int SSL_TEST_SERVER_CONF_equal(SSL_TEST_SERVER_CONF *server,
                                      SSL_TEST_SERVER_CONF *server2)
{
    if (server->servername_callback != server2->servername_callback) {
        fprintf(stderr, "ServerNameCallback mismatch: %s vs %s.\n",
                ssl_servername_callback_name(server->servername_callback),
                ssl_servername_callback_name(server2->servername_callback));
        return 0;
    }
    if (!strings_equal("Server NPNProtocols", server->npn_protocols,
                       server2->npn_protocols))
        return 0;
    if (!strings_equal("Server ALPNProtocols", server->alpn_protocols,
                       server2->alpn_protocols))
        return 0;
    if (server->broken_session_ticket != server2->broken_session_ticket) {
        fprintf(stderr, "Broken session ticket mismatch: %d vs %d.\n",
                server->broken_session_ticket, server2->broken_session_ticket);
        return 0;
    }
    if (server->cert_status != server2->cert_status) {
        fprintf(stderr, "CertStatus mismatch: %s vs %s.\n",
                ssl_certstatus_name(server->cert_status),
                ssl_certstatus_name(server2->cert_status));
        return 0;
    }
    return 1;
}

static int SSL_TEST_EXTRA_CONF_equal(SSL_TEST_EXTRA_CONF *extra,
                                     SSL_TEST_EXTRA_CONF *extra2)
{
    return SSL_TEST_CLIENT_CONF_equal(&extra->client, &extra2->client)
        && SSL_TEST_SERVER_CONF_equal(&extra->server, &extra2->server)
        && SSL_TEST_SERVER_CONF_equal(&extra->server2, &extra2->server2);
}

/* Returns 1 if the contexts are equal, 0 otherwise. */
static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
{
    if (ctx->method != ctx2->method) {
        fprintf(stderr, "Method mismatch: %s vs %s.\n",
                ssl_test_method_name(ctx->method),
                ssl_test_method_name(ctx2->method));
        return 0;
    }
    if (ctx->handshake_mode != ctx2->handshake_mode) {
        fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n",
                ssl_handshake_mode_name(ctx->handshake_mode),
                ssl_handshake_mode_name(ctx2->handshake_mode));
        return 0;
    }
    if (ctx->app_data_size != ctx2->app_data_size) {
        fprintf(stderr, "ApplicationData mismatch: %d vs %d.\n",
                ctx->app_data_size, ctx2->app_data_size);
        return 0;
    }

    if (ctx->max_fragment_size != ctx2->max_fragment_size) {
        fprintf(stderr, "MaxFragmentSize mismatch: %d vs %d.\n",
                ctx->max_fragment_size, ctx2->max_fragment_size);
        return 0;
    }

    if (!SSL_TEST_EXTRA_CONF_equal(&ctx->extra, &ctx2->extra)) {
        fprintf(stderr, "Extra conf mismatch.\n");
        return 0;
    }
    if (!SSL_TEST_EXTRA_CONF_equal(&ctx->resume_extra, &ctx2->resume_extra)) {
        fprintf(stderr, "Resume extra conf mismatch.\n");
        return 0;
    }

    if (ctx->expected_result != ctx2->expected_result) {
        fprintf(stderr, "ExpectedResult mismatch: %s vs %s.\n",
                ssl_test_result_name(ctx->expected_result),
                ssl_test_result_name(ctx2->expected_result));
        return 0;
    }
    if (ctx->expected_client_alert != ctx2->expected_client_alert) {
        fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n",
                ssl_alert_name(ctx->expected_client_alert),
                ssl_alert_name(ctx2->expected_client_alert));
        return 0;
    }
    if (ctx->expected_server_alert != ctx2->expected_server_alert) {
        fprintf(stderr, "ServerAlert mismatch: %s vs %s.\n",
                ssl_alert_name(ctx->expected_server_alert),
                ssl_alert_name(ctx2->expected_server_alert));
        return 0;
    }
    if (ctx->expected_protocol != ctx2->expected_protocol) {
        fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n",
                ssl_protocol_name(ctx->expected_protocol),
                ssl_protocol_name(ctx2->expected_protocol));
        return 0;
    }
    if (ctx->expected_servername != ctx2->expected_servername) {
        fprintf(stderr, "ExpectedServerName mismatch: %s vs %s.\n",
                ssl_servername_name(ctx->expected_servername),
                ssl_servername_name(ctx2->expected_servername));
        return 0;
    }
    if (ctx->session_ticket_expected != ctx2->session_ticket_expected) {
        fprintf(stderr, "SessionTicketExpected mismatch: %s vs %s.\n",
                ssl_session_ticket_name(ctx->session_ticket_expected),
                ssl_session_ticket_name(ctx2->session_ticket_expected));
        return 0;
    }
    if (!strings_equal("ExpectedNPNProtocol", ctx->expected_npn_protocol,
                       ctx2->expected_npn_protocol))
        return 0;
    if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol,
                       ctx2->expected_alpn_protocol))
        return 0;
    if (ctx->resumption_expected != ctx2->resumption_expected) {
        fprintf(stderr, "ResumptionExpected mismatch: %d vs %d.\n",
                ctx->resumption_expected, ctx2->resumption_expected);
        return 0;
    }
    return 1;
}

static SSL_TEST_CTX_TEST_FIXTURE set_up(const char *const test_case_name)
{
    SSL_TEST_CTX_TEST_FIXTURE fixture;
    fixture.test_case_name = test_case_name;
    fixture.expected_ctx = SSL_TEST_CTX_new();
    TEST_check(fixture.expected_ctx != NULL);
    return fixture;
}

static int execute_test(SSL_TEST_CTX_TEST_FIXTURE fixture)
{
    int success = 0;

    SSL_TEST_CTX *ctx = SSL_TEST_CTX_create(conf, fixture.test_section);

    if (ctx == NULL) {
        fprintf(stderr, "Failed to parse good configuration %s.\n",
                fixture.test_section);
        goto err;
    }

    if (!SSL_TEST_CTX_equal(ctx, fixture.expected_ctx))
        goto err;

    success = 1;
 err:
    SSL_TEST_CTX_free(ctx);
    return success;
}

static void tear_down(SSL_TEST_CTX_TEST_FIXTURE fixture)
{
    SSL_TEST_CTX_free(fixture.expected_ctx);
}

#define SETUP_SSL_TEST_CTX_TEST_FIXTURE()                       \
    SETUP_TEST_FIXTURE(SSL_TEST_CTX_TEST_FIXTURE, set_up)
#define EXECUTE_SSL_TEST_CTX_TEST()             \
    EXECUTE_TEST(execute_test, tear_down)

static int test_empty_configuration()
{
    SETUP_SSL_TEST_CTX_TEST_FIXTURE();
    fixture.test_section = "ssltest_default";
    fixture.expected_ctx->expected_result = SSL_TEST_SUCCESS;
    EXECUTE_SSL_TEST_CTX_TEST();
}

static int test_good_configuration()
{
    SETUP_SSL_TEST_CTX_TEST_FIXTURE();
    fixture.test_section = "ssltest_good";
    fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS;
    fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
    fixture.expected_ctx->app_data_size = 1024;
    fixture.expected_ctx->max_fragment_size = 2048;

    fixture.expected_ctx->expected_result = SSL_TEST_SERVER_FAIL;
    fixture.expected_ctx->expected_client_alert = SSL_AD_UNKNOWN_CA;
    fixture.expected_ctx->expected_server_alert = 0;  /* No alert. */
    fixture.expected_ctx->expected_protocol = TLS1_1_VERSION;
    fixture.expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2;
    fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
    fixture.expected_ctx->resumption_expected = 1;

    fixture.expected_ctx->extra.client.verify_callback =
        SSL_TEST_VERIFY_REJECT_ALL;
    fixture.expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2;
    fixture.expected_ctx->extra.client.npn_protocols =
        OPENSSL_strdup("foo,bar");
    TEST_check(fixture.expected_ctx->extra.client.npn_protocols != NULL);

    fixture.expected_ctx->extra.server.servername_callback =
        SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
    fixture.expected_ctx->extra.server.broken_session_ticket = 1;

    fixture.expected_ctx->resume_extra.server2.alpn_protocols =
        OPENSSL_strdup("baz");
    TEST_check(
        fixture.expected_ctx->resume_extra.server2.alpn_protocols != NULL);

    fixture.expected_ctx->resume_extra.client.ct_validation =
        SSL_TEST_CT_VALIDATION_STRICT;

    EXECUTE_SSL_TEST_CTX_TEST();
}

static const char *bad_configurations[] = {
    "ssltest_unknown_option",
    "ssltest_wrong_section",
    "ssltest_unknown_expected_result",
    "ssltest_unknown_alert",
    "ssltest_unknown_protocol",
    "ssltest_unknown_verify_callback",
    "ssltest_unknown_servername",
    "ssltest_unknown_servername_callback",
    "ssltest_unknown_session_ticket_expected",
    "ssltest_unknown_method",
    "ssltest_unknown_handshake_mode",
    "ssltest_unknown_resumption_expected",
    "ssltest_unknown_ct_validation",
};

static int test_bad_configuration(int idx)
{
    SSL_TEST_CTX *ctx = SSL_TEST_CTX_create(conf, bad_configurations[idx]);

    if (ctx != NULL) {
        fprintf(stderr, "Parsing bad configuration %s succeeded.\n",
                bad_configurations[idx]);
        SSL_TEST_CTX_free(ctx);
        return 0;
    }

    return 1;
}

int test_main(int argc, char **argv)
{
    int result = 0;

    if (argc != 2)
        return 1;

    conf = NCONF_new(NULL);
    TEST_check(conf != NULL);

    /* argv[1] should point to test/ssl_test_ctx_test.conf */
    TEST_check(NCONF_load(conf, argv[1], NULL) > 0);

    ADD_TEST(test_empty_configuration);
    ADD_TEST(test_good_configuration);
    ADD_ALL_TESTS(test_bad_configuration, OSSL_NELEM(bad_configurations));

    result = run_tests(argv[0]);

    NCONF_free(conf);

    return result;
}
Commit	Line	Data
453dfd8d EK	1	/*
	2	* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
	3	*
440e5d80 RS	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
453dfd8d	7	* https://www.openssl.org/source/license.html
453dfd8d EK	8	*/
	9
	10	/*
	11	* Ideally, CONF should offer standard parsing methods and cover them
	12	* in tests. But since we have no CONF tests, we use a custom test for now.
	13	*/
	14
	15	#include <stdio.h>
ce2cdac2	16	#include <string.h>
453dfd8d EK	17
	18	#include "e_os.h"
	19	#include "ssl_test_ctx.h"
	20	#include "testutil.h"
e364c3b2	21	#include "test_main_custom.h"
453dfd8d EK	22	#include <openssl/e_os2.h>
	23	#include <openssl/err.h>
	24	#include <openssl/conf.h>
	25	#include <openssl/ssl.h>
	26
	27	static CONF *conf = NULL;
	28
	29	typedef struct ssl_test_ctx_test_fixture {
	30	const char *test_case_name;
	31	const char *test_section;
	32	/* Expected parsed configuration. */
	33	SSL_TEST_CTX *expected_ctx;
	34	} SSL_TEST_CTX_TEST_FIXTURE;
	35
9f48bbac EK	36
	37	static int SSL_TEST_CLIENT_CONF_equal(SSL_TEST_CLIENT_CONF *client,
	38	SSL_TEST_CLIENT_CONF *client2)
	39	{
	40	if (client->verify_callback != client2->verify_callback) {
	41	fprintf(stderr, "ClientVerifyCallback mismatch: %s vs %s.\n",
	42	ssl_verify_callback_name(client->verify_callback),
	43	ssl_verify_callback_name(client2->verify_callback));
	44	return 0;
	45	}
	46	if (client->servername != client2->servername) {
	47	fprintf(stderr, "ServerName mismatch: %s vs %s.\n",
	48	ssl_servername_name(client->servername),
	49	ssl_servername_name(client2->servername));
	50	return 0;
	51	}
	52	if (!strings_equal("Client NPNProtocols", client->npn_protocols,
	53	client2->npn_protocols))
	54	return 0;
	55	if (!strings_equal("Client ALPNProtocols", client->alpn_protocols,
	56	client2->alpn_protocols))
	57	return 0;
da085d27 EK	58	if (client->ct_validation != client2->ct_validation) {
	59	fprintf(stderr, "CTValidation mismatch: %s vs %s.\n",
	60	ssl_ct_validation_name(client->ct_validation),
	61	ssl_ct_validation_name(client2->ct_validation));
	62	return 0;
	63	}
9f48bbac EK	64	return 1;
	65	}
	66
	67	static int SSL_TEST_SERVER_CONF_equal(SSL_TEST_SERVER_CONF *server,
	68	SSL_TEST_SERVER_CONF *server2)
	69	{
	70	if (server->servername_callback != server2->servername_callback) {
	71	fprintf(stderr, "ServerNameCallback mismatch: %s vs %s.\n",
	72	ssl_servername_callback_name(server->servername_callback),
	73	ssl_servername_callback_name(server2->servername_callback));
	74	return 0;
	75	}
	76	if (!strings_equal("Server NPNProtocols", server->npn_protocols,
	77	server2->npn_protocols))
	78	return 0;
	79	if (!strings_equal("Server ALPNProtocols", server->alpn_protocols,
	80	server2->alpn_protocols))
	81	return 0;
	82	if (server->broken_session_ticket != server2->broken_session_ticket) {
	83	fprintf(stderr, "Broken session ticket mismatch: %d vs %d.\n",
	84	server->broken_session_ticket, server2->broken_session_ticket);
	85	return 0;
	86	}
767ccc3b MC	87	if (server->cert_status != server2->cert_status) {
	88	fprintf(stderr, "CertStatus mismatch: %s vs %s.\n",
	89	ssl_certstatus_name(server->cert_status),
	90	ssl_certstatus_name(server2->cert_status));
	91	return 0;
	92	}
9f48bbac EK	93	return 1;
	94	}
	95
	96	static int SSL_TEST_EXTRA_CONF_equal(SSL_TEST_EXTRA_CONF *extra,
	97	SSL_TEST_EXTRA_CONF *extra2)
	98	{
	99	return SSL_TEST_CLIENT_CONF_equal(&extra->client, &extra2->client)
	100	&& SSL_TEST_SERVER_CONF_equal(&extra->server, &extra2->server)
	101	&& SSL_TEST_SERVER_CONF_equal(&extra->server2, &extra2->server2);
	102	}
	103
453dfd8d EK	104	/* Returns 1 if the contexts are equal, 0 otherwise. */
	105	static int SSL_TEST_CTX_equal(SSL_TEST_CTX ctx, SSL_TEST_CTX ctx2)
	106	{
9f48bbac EK	107	if (ctx->method != ctx2->method) {
	108	fprintf(stderr, "Method mismatch: %s vs %s.\n",
	109	ssl_test_method_name(ctx->method),
	110	ssl_test_method_name(ctx2->method));
	111	return 0;
	112	}
	113	if (ctx->handshake_mode != ctx2->handshake_mode) {
	114	fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n",
	115	ssl_handshake_mode_name(ctx->handshake_mode),
	116	ssl_handshake_mode_name(ctx2->handshake_mode));
	117	return 0;
	118	}
e0421bd8 EK	119	if (ctx->app_data_size != ctx2->app_data_size) {
	120	fprintf(stderr, "ApplicationData mismatch: %d vs %d.\n",
	121	ctx->app_data_size, ctx2->app_data_size);
	122	return 0;
	123	}
9f48bbac	124
6dc99745 EK	125	if (ctx->max_fragment_size != ctx2->max_fragment_size) {
	126	fprintf(stderr, "MaxFragmentSize mismatch: %d vs %d.\n",
	127	ctx->max_fragment_size, ctx2->max_fragment_size);
	128	return 0;
	129	}
	130
9f48bbac EK	131	if (!SSL_TEST_EXTRA_CONF_equal(&ctx->extra, &ctx2->extra)) {
	132	fprintf(stderr, "Extra conf mismatch.\n");
	133	return 0;
	134	}
	135	if (!SSL_TEST_EXTRA_CONF_equal(&ctx->resume_extra, &ctx2->resume_extra)) {
	136	fprintf(stderr, "Resume extra conf mismatch.\n");
	137	return 0;
	138	}
	139
453dfd8d EK	140	if (ctx->expected_result != ctx2->expected_result) {
453dfd8d EK	141	fprintf(stderr, "ExpectedResult mismatch: %s vs %s.\n",
a263f320 EK	142	ssl_test_result_name(ctx->expected_result),
a263f320 EK	143	ssl_test_result_name(ctx2->expected_result));
453dfd8d EK	144	return 0;
453dfd8d EK	145	}
9f48bbac	146	if (ctx->expected_client_alert != ctx2->expected_client_alert) {
453dfd8d	147	fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n",
9f48bbac EK	148	ssl_alert_name(ctx->expected_client_alert),
9f48bbac EK	149	ssl_alert_name(ctx2->expected_client_alert));
453dfd8d EK	150	return 0;
453dfd8d EK	151	}
9f48bbac	152	if (ctx->expected_server_alert != ctx2->expected_server_alert) {
453dfd8d	153	fprintf(stderr, "ServerAlert mismatch: %s vs %s.\n",
9f48bbac EK	154	ssl_alert_name(ctx->expected_server_alert),
9f48bbac EK	155	ssl_alert_name(ctx2->expected_server_alert));
453dfd8d EK	156	return 0;
453dfd8d EK	157	}
9f48bbac	158	if (ctx->expected_protocol != ctx2->expected_protocol) {
453dfd8d	159	fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n",
9f48bbac EK	160	ssl_protocol_name(ctx->expected_protocol),
9f48bbac EK	161	ssl_protocol_name(ctx2->expected_protocol));
5c753de6 TS	162	return 0;
5c753de6 TS	163	}
d2b23cd2 EK	164	if (ctx->expected_servername != ctx2->expected_servername) {
	165	fprintf(stderr, "ExpectedServerName mismatch: %s vs %s.\n",
	166	ssl_servername_name(ctx->expected_servername),
	167	ssl_servername_name(ctx2->expected_servername));
	168	return 0;
	169	}
5c753de6 TS	170	if (ctx->session_ticket_expected != ctx2->session_ticket_expected) {
5c753de6 TS	171	fprintf(stderr, "SessionTicketExpected mismatch: %s vs %s.\n",
81fc33c9 EK	172	ssl_session_ticket_name(ctx->session_ticket_expected),
81fc33c9 EK	173	ssl_session_ticket_name(ctx2->session_ticket_expected));
5c753de6 TS	174	return 0;
5c753de6 TS	175	}
ce2cdac2 EK	176	if (!strings_equal("ExpectedNPNProtocol", ctx->expected_npn_protocol,
	177	ctx2->expected_npn_protocol))
	178	return 0;
ce2cdac2 EK	179	if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol,
	180	ctx2->expected_alpn_protocol))
	181	return 0;
590ed3d7 EK	182	if (ctx->resumption_expected != ctx2->resumption_expected) {
	183	fprintf(stderr, "ResumptionExpected mismatch: %d vs %d.\n",
	184	ctx->resumption_expected, ctx2->resumption_expected);
	185	return 0;
	186	}
453dfd8d EK	187	return 1;
	188	}
	189
	190	static SSL_TEST_CTX_TEST_FIXTURE set_up(const char *const test_case_name)
	191	{
	192	SSL_TEST_CTX_TEST_FIXTURE fixture;
	193	fixture.test_case_name = test_case_name;
	194	fixture.expected_ctx = SSL_TEST_CTX_new();
d61f0078	195	TEST_check(fixture.expected_ctx != NULL);
453dfd8d EK	196	return fixture;
	197	}
	198
	199	static int execute_test(SSL_TEST_CTX_TEST_FIXTURE fixture)
	200	{
ababe86b	201	int success = 0;
453dfd8d EK	202
	203	SSL_TEST_CTX *ctx = SSL_TEST_CTX_create(conf, fixture.test_section);
	204
	205	if (ctx == NULL) {
	206	fprintf(stderr, "Failed to parse good configuration %s.\n",
	207	fixture.test_section);
	208	goto err;
	209	}
	210
	211	if (!SSL_TEST_CTX_equal(ctx, fixture.expected_ctx))
	212	goto err;
	213
ababe86b	214	success = 1;
453dfd8d EK	215	err:
453dfd8d EK	216	SSL_TEST_CTX_free(ctx);
ababe86b	217	return success;
453dfd8d EK	218	}
453dfd8d EK	219
453dfd8d EK	220	static void tear_down(SSL_TEST_CTX_TEST_FIXTURE fixture)
	221	{
	222	SSL_TEST_CTX_free(fixture.expected_ctx);
453dfd8d EK	223	}
	224
	225	#define SETUP_SSL_TEST_CTX_TEST_FIXTURE() \
	226	SETUP_TEST_FIXTURE(SSL_TEST_CTX_TEST_FIXTURE, set_up)
	227	#define EXECUTE_SSL_TEST_CTX_TEST() \
	228	EXECUTE_TEST(execute_test, tear_down)
453dfd8d EK	229
	230	static int test_empty_configuration()
	231	{
	232	SETUP_SSL_TEST_CTX_TEST_FIXTURE();
	233	fixture.test_section = "ssltest_default";
	234	fixture.expected_ctx->expected_result = SSL_TEST_SUCCESS;
	235	EXECUTE_SSL_TEST_CTX_TEST();
	236	}
	237
	238	static int test_good_configuration()
	239	{
	240	SETUP_SSL_TEST_CTX_TEST_FIXTURE();
	241	fixture.test_section = "ssltest_good";
9f48bbac EK	242	fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS;
9f48bbac EK	243	fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
e0421bd8	244	fixture.expected_ctx->app_data_size = 1024;
6dc99745	245	fixture.expected_ctx->max_fragment_size = 2048;
9f48bbac	246
453dfd8d	247	fixture.expected_ctx->expected_result = SSL_TEST_SERVER_FAIL;
9f48bbac EK	248	fixture.expected_ctx->expected_client_alert = SSL_AD_UNKNOWN_CA;
	249	fixture.expected_ctx->expected_server_alert = 0; /* No alert. */
	250	fixture.expected_ctx->expected_protocol = TLS1_1_VERSION;
d2b23cd2	251	fixture.expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2;
5c753de6	252	fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
590ed3d7	253	fixture.expected_ctx->resumption_expected = 1;
9f48bbac EK	254
	255	fixture.expected_ctx->extra.client.verify_callback =
	256	SSL_TEST_VERIFY_REJECT_ALL;
	257	fixture.expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2;
	258	fixture.expected_ctx->extra.client.npn_protocols =
	259	OPENSSL_strdup("foo,bar");
d61f0078	260	TEST_check(fixture.expected_ctx->extra.client.npn_protocols != NULL);
9f48bbac EK	261
	262	fixture.expected_ctx->extra.server.servername_callback =
	263	SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
	264	fixture.expected_ctx->extra.server.broken_session_ticket = 1;
	265
	266	fixture.expected_ctx->resume_extra.server2.alpn_protocols =
	267	OPENSSL_strdup("baz");
d61f0078	268	TEST_check(
9f48bbac EK	269	fixture.expected_ctx->resume_extra.server2.alpn_protocols != NULL);
9f48bbac EK	270
da085d27 EK	271	fixture.expected_ctx->resume_extra.client.ct_validation =
	272	SSL_TEST_CT_VALIDATION_STRICT;
	273
453dfd8d EK	274	EXECUTE_SSL_TEST_CTX_TEST();
	275	}
	276
	277	static const char *bad_configurations[] = {
	278	"ssltest_unknown_option",
6bd3379a	279	"ssltest_wrong_section",
453dfd8d EK	280	"ssltest_unknown_expected_result",
	281	"ssltest_unknown_alert",
	282	"ssltest_unknown_protocol",
a263f320	283	"ssltest_unknown_verify_callback",
5c753de6	284	"ssltest_unknown_servername",
d2b23cd2	285	"ssltest_unknown_servername_callback",
5c753de6	286	"ssltest_unknown_session_ticket_expected",
74726750	287	"ssltest_unknown_method",
590ed3d7 EK	288	"ssltest_unknown_handshake_mode",
590ed3d7 EK	289	"ssltest_unknown_resumption_expected",
da085d27	290	"ssltest_unknown_ct_validation",
453dfd8d EK	291	};
	292
	293	static int test_bad_configuration(int idx)
	294	{
d836d71b EK	295	SSL_TEST_CTX *ctx = SSL_TEST_CTX_create(conf, bad_configurations[idx]);
	296
	297	if (ctx != NULL) {
	298	fprintf(stderr, "Parsing bad configuration %s succeeded.\n",
	299	bad_configurations[idx]);
	300	SSL_TEST_CTX_free(ctx);
	301	return 0;
	302	}
	303
	304	return 1;
453dfd8d EK	305	}
453dfd8d EK	306
e364c3b2	307	int test_main(int argc, char **argv)
453dfd8d EK	308	{
	309	int result = 0;
	310
	311	if (argc != 2)
	312	return 1;
	313
	314	conf = NCONF_new(NULL);
d61f0078	315	TEST_check(conf != NULL);
453dfd8d EK	316
453dfd8d EK	317	/* argv[1] should point to test/ssl_test_ctx_test.conf */
d61f0078	318	TEST_check(NCONF_load(conf, argv[1], NULL) > 0);
453dfd8d EK	319
	320	ADD_TEST(test_empty_configuration);
	321	ADD_TEST(test_good_configuration);
	322	ADD_ALL_TESTS(test_bad_configuration, OSSL_NELEM(bad_configurations));
	323
	324	result = run_tests(argv[0]);
	325
	326	NCONF_free(conf);
	327
	328	return result;
	329	}