Improve test coverage for server_name extension. Notably, this would have caught ed8270a55c3845abbc85dfeed358597fef059ea9 (although, apart from staring at code coverage, knowing to set resumeSession on the server test isn't exactly obvious). Perhaps we should systematically set it on all extension server tests; ClientHello extension parsing happens after resumption has been determined and is often sensitive to it. Change-Id: Ie83f294a26881a6a41969e9dbd102d0a93cb68b5 Reviewed-on: https://boringssl-review.googlesource.com/1750 Reviewed-by: Adam Langley <agl@google.com>

commit: e78bfded9f24725c47e0f5d0a64465566c3bdcf2 [log] [tgz]
author: David Benjamin <davidben@chromium.org> Sat Sep 06 12:45:15 2014 -0400
committer: Adam Langley <agl@google.com> Mon Sep 15 21:07:57 2014 +0000
tree: 8508adfbee185c73251f0511c09b0e4e63ac271f
parent: 594a58e0781e06597eafc7599e9f88d5ceaeb566 [diff]
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index f22f95a..9af3063 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go

@@ -449,6 +449,10 @@
 	// SkipCipherVersionCheck causes the server to negotiate
 	// TLS 1.2 ciphers in earlier versions of TLS.
 	SkipCipherVersionCheck bool
+
+	// ExpectServerName, if not empty, is the hostname the client
+	// must specify in the server_name extension.
+	ExpectServerName string
 }
 
 func (c *Config) serverInit() {

diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 6d61fd5..e456891 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go

@@ -237,6 +237,9 @@
 	if len(hs.clientHello.serverName) > 0 {
 		hs.cert = config.getCertificateForName(hs.clientHello.serverName)
 	}
+	if expected := c.config.Bugs.ExpectServerName; expected != "" && expected != hs.clientHello.serverName {
+		return false, errors.New("tls: unexpected server name")
+	}
 
 	if hs.clientHello.channelIDSupported && config.RequestChannelID {
 		hs.hello.channelIDRequested = true

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 64df21d..ae74464 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -202,36 +202,6 @@
 		flags: []string{"-fallback-scsv"},
 	},
 	{
-		testType: serverTest,
-		name:     "ServerNameExtension",
-		config: Config{
-			ServerName: "example.com",
-		},
-		flags: []string{"-expect-server-name", "example.com"},
-	},
-	{
-		testType: clientTest,
-		name:     "DuplicateExtensionClient",
-		config: Config{
-			Bugs: ProtocolBugs{
-				DuplicateExtension: true,
-			},
-		},
-		shouldFail:         true,
-		expectedLocalError: "remote error: error decoding message",
-	},
-	{
-		testType: serverTest,
-		name:     "DuplicateExtensionServer",
-		config: Config{
-			Bugs: ProtocolBugs{
-				DuplicateExtension: true,
-			},
-		},
-		shouldFail:         true,
-		expectedLocalError: "remote error: error decoding message",
-	},
-	{
 		name: "ClientCertificateTypes",
 		config: Config{
 			ClientAuth: RequestClientCert,
@@ -1372,6 +1342,73 @@
 	})
 }
 
+func addExtensionTests() {
+	testCases = append(testCases, testCase{
+		testType: clientTest,
+		name:     "DuplicateExtensionClient",
+		config: Config{
+			Bugs: ProtocolBugs{
+				DuplicateExtension: true,
+			},
+		},
+		shouldFail:         true,
+		expectedLocalError: "remote error: error decoding message",
+	})
+	testCases = append(testCases, testCase{
+		testType: serverTest,
+		name:     "DuplicateExtensionServer",
+		config: Config{
+			Bugs: ProtocolBugs{
+				DuplicateExtension: true,
+			},
+		},
+		shouldFail:         true,
+		expectedLocalError: "remote error: error decoding message",
+	})
+	testCases = append(testCases, testCase{
+		testType: clientTest,
+		name:     "ServerNameExtensionClient",
+		config: Config{
+			Bugs: ProtocolBugs{
+				ExpectServerName: "example.com",
+			},
+		},
+		flags: []string{"-host-name", "example.com"},
+	})
+	testCases = append(testCases, testCase{
+		testType: clientTest,
+		name:     "ServerNameExtensionClient",
+		config: Config{
+			Bugs: ProtocolBugs{
+				ExpectServerName: "mismatch.com",
+			},
+		},
+		flags:              []string{"-host-name", "example.com"},
+		shouldFail:         true,
+		expectedLocalError: "tls: unexpected server name",
+	})
+	testCases = append(testCases, testCase{
+		testType: clientTest,
+		name:     "ServerNameExtensionClient",
+		config: Config{
+			Bugs: ProtocolBugs{
+				ExpectServerName: "missing.com",
+			},
+		},
+		shouldFail:         true,
+		expectedLocalError: "tls: unexpected server name",
+	})
+	testCases = append(testCases, testCase{
+		testType: serverTest,
+		name:     "ServerNameExtensionServer",
+		config: Config{
+			ServerName: "example.com",
+		},
+		flags:         []string{"-expect-server-name", "example.com"},
+		resumeSession: true,
+	})
+}
+
 func worker(statusChan chan statusMsg, c chan *testCase, buildDir string, wg *sync.WaitGroup) {
 	defer wg.Done()
 
@@ -1425,6 +1462,7 @@
 	addClientAuthTests()
 	addVersionNegotiationTests()
 	addD5BugTests()
+	addExtensionTests()
 	for _, async := range []bool{false, true} {
 		for _, splitHandshake := range []bool{false, true} {
 			for _, protocol := range []protocol{tls, dtls} {
commit	e78bfded9f24725c47e0f5d0a64465566c3bdcf2	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Sat Sep 06 12:45:15 2014 -0400
committer	Adam Langley <agl@google.com>	Mon Sep 15 21:07:57 2014 +0000
tree	8508adfbee185c73251f0511c09b0e4e63ac271f
parent	594a58e0781e06597eafc7599e9f88d5ceaeb566 [diff]