commit 281fd1bdd8aacc3c68ea42e305a5ed2469635571
author Xiaokang Qian <xiaokang.qian@arm.com> Tue Sep 20 11:35:41 2022 +0000
committer Xiaokang Qian <xiaokang.qian@arm.com> Wed Oct 12 11:03:41 2022 +0000
tree 8db8d88724d4005014a3e9fcad4df0eb5156c02c
parent 8fd3254cfcd8116ff50b139be6ab3f1b93094c73

Add server name check when proposeing pre-share key

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 48dd89e..414b860 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -12873,6 +12873,47 @@
             -c "Protocol is TLSv1.2" \
             -c "HTTP/1.0 200 [Oo][Kk]"
 
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+run_test    "TLS 1.3: NewSessionTicket: servername check, m->m" \
+            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1 \
+            sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+            "$P_CLI debug_level=4 server_name=localhost reco_mode=1 reconnect=1" \
+            0 \
+            -c "Protocol is TLSv1.3" \
+            -c "got new session ticket." \
+            -c "Saving session for reuse... ok" \
+            -c "Reconnecting with saved session" \
+            -c "HTTP/1.0 200 OK"    \
+            -s "=> write NewSessionTicket msg" \
+            -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \
+            -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" \
+            -s "key exchange mode: ephemeral" \
+            -s "key exchange mode: psk_ephemeral" \
+            -s "found pre_shared_key extension"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_DEBUG_C
+run_test    "TLS 1.3: NewSessionTicket: servername negative check, m->m" \
+            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=1 \
+            sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+            "$P_CLI debug_level=4 server_name=localhost rec_server_name=remote reco_mode=1 reconnect=1" \
+            1 \
+            -c "Protocol is TLSv1.3" \
+            -c "got new session ticket." \
+            -c "Saving session for reuse... ok" \
+            -c "Reconnecting with saved session" \
+            -c "hostname mismatch the session ticker, should not resume"    \
+            -s "=> write NewSessionTicket msg" \
+            -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \
+            -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH"
+
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_MEMORY_DEBUG