SSL test: only write out server2 when testing SNI

The SNI tests introduced a redundant "server2" section into every test
configuration. Copy this automatically from "server" unless testing SNI,
to reduce noise in the generated confs.

Also remove duplicate SSL_TEST_CTX_create (merge conflict error).
Reviewed-by: NRich Salz <rsalz@openssl.org>

test/generate_ssl_tests.pl

@@ -43,12 +43,12 @@ sub print_templates {
     # Add the implicit base configuration.
     foreach my $test (@ssltests::tests) {
         $test->{"server"} = { (%ssltests::base_server, %{$test->{"server"}}) };
-	# use server values if server2 is not defined
+	# Do not emit an empty "server2" section.
 	if (defined $test->{"server2"}) {
-	    $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) };
-	} else {
-	    $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server"}}) };
-	}
+            $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) };
+        } else {
+            $test->{"server2"} = { };
+        }
         $test->{"client"} = { (%ssltests::base_client, %{$test->{"client"}}) };
     }
 
@@ -98,8 +98,7 @@ sub print_templates {
 # Shamelessly copied from Configure.
 sub read_config {
     my $fname = shift;
-    open(INPUT, "< $fname")
-	or die "Can't open input file '$fname'!\n";
+    open(INPUT, "< $fname") or die "Can't open input file '$fname'!\n";
     local $/ = undef;
     my $content = <INPUT>;
     close(INPUT);

test/ssl-tests/01-simple.conf

@@ -11,7 +11,6 @@ ssl_conf = 0-default-ssl
 
 [0-default-ssl]
 server = 0-default-server
-server2 = 0-default-server2
 client = 0-default-client
 
 [0-default-server]
@@ -19,19 +18,11 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
-[0-default-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-
 [0-default-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-0]
 ExpectedResult = Success
 
@@ -43,7 +34,6 @@ ssl_conf = 1-verify-cert-ssl
 
 [1-verify-cert-ssl]
 server = 1-verify-cert-server
-server2 = 1-verify-cert-server2
 client = 1-verify-cert-client
 
 [1-verify-cert-server]
@@ -51,18 +41,10 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
-[1-verify-cert-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-
 [1-verify-cert-client]
 CipherString = DEFAULT
 VerifyMode = Peer
 
-
 [test-1]
 ClientAlert = UnknownCA
 ExpectedResult = ClientFail

test/ssl-tests/03-custom_verify.conf

@@ -18,7 +18,6 @@ ssl_conf = 0-verify-success-ssl
 
 [0-verify-success-ssl]
 server = 0-verify-success-server
-server2 = 0-verify-success-server2
 client = 0-verify-success-client
 
 [0-verify-success-server]
@@ -26,19 +25,11 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
-[0-verify-success-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-
 [0-verify-success-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-0]
 ExpectedResult = Success
 
@@ -50,7 +41,6 @@ ssl_conf = 1-verify-custom-reject-ssl
 
 [1-verify-custom-reject-ssl]
 server = 1-verify-custom-reject-server
-server2 = 1-verify-custom-reject-server2
 client = 1-verify-custom-reject-client
 
 [1-verify-custom-reject-server]
@@ -58,19 +48,11 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
-[1-verify-custom-reject-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-
 [1-verify-custom-reject-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-1]
 ClientAlert = HandshakeFailure
 ClientVerifyCallback = RejectAll
@@ -84,7 +66,6 @@ ssl_conf = 2-verify-custom-allow-ssl
 
 [2-verify-custom-allow-ssl]
 server = 2-verify-custom-allow-server
-server2 = 2-verify-custom-allow-server2
 client = 2-verify-custom-allow-client
 
 [2-verify-custom-allow-server]
@@ -92,19 +73,11 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
-[2-verify-custom-allow-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-
 [2-verify-custom-allow-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-2]
 ClientVerifyCallback = AcceptAll
 ExpectedResult = Success
@@ -117,7 +90,6 @@ ssl_conf = 3-noverify-success-ssl
 
 [3-noverify-success-ssl]
 server = 3-noverify-success-server
-server2 = 3-noverify-success-server2
 client = 3-noverify-success-client
 
 [3-noverify-success-server]
@@ -125,17 +97,9 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
-[3-noverify-success-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-
 [3-noverify-success-client]
 CipherString = DEFAULT
 
-
 [test-3]
 ExpectedResult = Success
 
@@ -147,7 +111,6 @@ ssl_conf = 4-noverify-ignore-custom-reject-ssl
 
 [4-noverify-ignore-custom-reject-ssl]
 server = 4-noverify-ignore-custom-reject-server
-server2 = 4-noverify-ignore-custom-reject-server2
 client = 4-noverify-ignore-custom-reject-client
 
 [4-noverify-ignore-custom-reject-server]
@@ -155,17 +118,9 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
-[4-noverify-ignore-custom-reject-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-
 [4-noverify-ignore-custom-reject-client]
 CipherString = DEFAULT
 
-
 [test-4]
 ClientVerifyCallback = RejectAll
 ExpectedResult = Success
@@ -178,7 +133,6 @@ ssl_conf = 5-noverify-accept-custom-allow-ssl
 
 [5-noverify-accept-custom-allow-ssl]
 server = 5-noverify-accept-custom-allow-server
-server2 = 5-noverify-accept-custom-allow-server2
 client = 5-noverify-accept-custom-allow-client
 
 [5-noverify-accept-custom-allow-server]
@@ -186,17 +140,9 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
-[5-noverify-accept-custom-allow-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-
 [5-noverify-accept-custom-allow-client]
 CipherString = DEFAULT
 
-
 [test-5]
 ClientVerifyCallback = AcceptAll
 ExpectedResult = Success
@@ -209,7 +155,6 @@ ssl_conf = 6-verify-fail-no-root-ssl
 
 [6-verify-fail-no-root-ssl]
 server = 6-verify-fail-no-root-server
-server2 = 6-verify-fail-no-root-server2
 client = 6-verify-fail-no-root-client
 
 [6-verify-fail-no-root-server]
@@ -217,18 +162,10 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
-[6-verify-fail-no-root-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-
 [6-verify-fail-no-root-client]
 CipherString = DEFAULT
 VerifyMode = Peer
 
-
 [test-6]
 ClientAlert = UnknownCA
 ExpectedResult = ClientFail
@@ -241,7 +178,6 @@ ssl_conf = 7-verify-custom-success-no-root-ssl
 
 [7-verify-custom-success-no-root-ssl]
 server = 7-verify-custom-success-no-root-server
-server2 = 7-verify-custom-success-no-root-server2
 client = 7-verify-custom-success-no-root-client
 
 [7-verify-custom-success-no-root-server]
@@ -249,18 +185,10 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
-[7-verify-custom-success-no-root-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-
 [7-verify-custom-success-no-root-client]
 CipherString = DEFAULT
 VerifyMode = Peer
 
-
 [test-7]
 ClientVerifyCallback = AcceptAll
 ExpectedResult = Success
@@ -273,7 +201,6 @@ ssl_conf = 8-verify-custom-fail-no-root-ssl
 
 [8-verify-custom-fail-no-root-ssl]
 server = 8-verify-custom-fail-no-root-server
-server2 = 8-verify-custom-fail-no-root-server2
 client = 8-verify-custom-fail-no-root-client
 
 [8-verify-custom-fail-no-root-server]
@@ -281,18 +208,10 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
-[8-verify-custom-fail-no-root-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-
 [8-verify-custom-fail-no-root-client]
 CipherString = DEFAULT
 VerifyMode = Peer
 
-
 [test-8]
 ClientAlert = HandshakeFailure
 ClientVerifyCallback = RejectAll

test/ssl-tests/04-client_auth.conf

@@ -29,7 +29,6 @@ ssl_conf = 0-server-auth-flex-ssl
 
 [0-server-auth-flex-ssl]
 server = 0-server-auth-flex-server
-server2 = 0-server-auth-flex-server2
 client = 0-server-auth-flex-client
 
 [0-server-auth-flex-server]
@@ -37,19 +36,11 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
-[0-server-auth-flex-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-
 [0-server-auth-flex-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-0]
 ExpectedResult = Success
 
@@ -61,7 +52,6 @@ ssl_conf = 1-client-auth-flex-request-ssl
 
 [1-client-auth-flex-request-ssl]
 server = 1-client-auth-flex-request-server
-server2 = 1-client-auth-flex-request-server2
 client = 1-client-auth-flex-request-client
 
 [1-client-auth-flex-request-server]
@@ -70,20 +60,11 @@ CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 VerifyMode = Request
 
-
-[1-client-auth-flex-request-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Request
-
-
 [1-client-auth-flex-request-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-1]
 ExpectedResult = Success
 
@@ -95,7 +76,6 @@ ssl_conf = 2-client-auth-flex-require-fail-ssl
 
 [2-client-auth-flex-require-fail-ssl]
 server = 2-client-auth-flex-require-fail-server
-server2 = 2-client-auth-flex-require-fail-server2
 client = 2-client-auth-flex-require-fail-client
 
 [2-client-auth-flex-require-fail-server]
@@ -105,21 +85,11 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Require
 
-
-[2-client-auth-flex-require-fail-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-
 [2-client-auth-flex-require-fail-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-2]
 ExpectedResult = ServerFail
 ServerAlert = HandshakeFailure
@@ -132,7 +102,6 @@ ssl_conf = 3-client-auth-flex-require-ssl
 
 [3-client-auth-flex-require-ssl]
 server = 3-client-auth-flex-require-server
-server2 = 3-client-auth-flex-require-server2
 client = 3-client-auth-flex-require-client
 
 [3-client-auth-flex-require-server]
@@ -142,15 +111,6 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Request
 
-
-[3-client-auth-flex-require-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-
 [3-client-auth-flex-require-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
@@ -158,7 +118,6 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-3]
 ExpectedResult = Success
 
@@ -170,7 +129,6 @@ ssl_conf = 4-client-auth-flex-noroot-ssl
 
 [4-client-auth-flex-noroot-ssl]
 server = 4-client-auth-flex-noroot-server
-server2 = 4-client-auth-flex-noroot-server2
 client = 4-client-auth-flex-noroot-client
 
 [4-client-auth-flex-noroot-server]
@@ -179,14 +137,6 @@ CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 VerifyMode = Require
 
-
-[4-client-auth-flex-noroot-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Require
-
-
 [4-client-auth-flex-noroot-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
@@ -194,7 +144,6 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-4]
 ExpectedResult = ServerFail
 ServerAlert = UnknownCA
@@ -207,7 +156,6 @@ ssl_conf = 5-server-auth-TLSv1-ssl
 
 [5-server-auth-TLSv1-ssl]
 server = 5-server-auth-TLSv1-server
-server2 = 5-server-auth-TLSv1-server2
 client = 5-server-auth-TLSv1-client
 
 [5-server-auth-TLSv1-server]
@@ -216,21 +164,12 @@ CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 Protocol = TLSv1
 
-
-[5-server-auth-TLSv1-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
-
-
 [5-server-auth-TLSv1-client]
 CipherString = DEFAULT
 Protocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-5]
 ExpectedResult = Success
 
@@ -242,7 +181,6 @@ ssl_conf = 6-client-auth-TLSv1-request-ssl
 
 [6-client-auth-TLSv1-request-ssl]
 server = 6-client-auth-TLSv1-request-server
-server2 = 6-client-auth-TLSv1-request-server2
 client = 6-client-auth-TLSv1-request-client
 
 [6-client-auth-TLSv1-request-server]
@@ -252,22 +190,12 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 Protocol = TLSv1
 VerifyMode = Request
 
-
-[6-client-auth-TLSv1-request-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
-VerifyMode = Request
-
-
 [6-client-auth-TLSv1-request-client]
 CipherString = DEFAULT
 Protocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-6]
 ExpectedResult = Success
 
@@ -279,7 +207,6 @@ ssl_conf = 7-client-auth-TLSv1-require-fail-ssl
 
 [7-client-auth-TLSv1-require-fail-ssl]
 server = 7-client-auth-TLSv1-require-fail-server
-server2 = 7-client-auth-TLSv1-require-fail-server2
 client = 7-client-auth-TLSv1-require-fail-client
 
 [7-client-auth-TLSv1-require-fail-server]
@@ -290,23 +217,12 @@ Protocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Require
 
-
-[7-client-auth-TLSv1-require-fail-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-
 [7-client-auth-TLSv1-require-fail-client]
 CipherString = DEFAULT
 Protocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-7]
 ExpectedResult = ServerFail
 ServerAlert = HandshakeFailure
@@ -319,7 +235,6 @@ ssl_conf = 8-client-auth-TLSv1-require-ssl
 
 [8-client-auth-TLSv1-require-ssl]
 server = 8-client-auth-TLSv1-require-server
-server2 = 8-client-auth-TLSv1-require-server2
 client = 8-client-auth-TLSv1-require-client
 
 [8-client-auth-TLSv1-require-server]
@@ -330,16 +245,6 @@ Protocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Request
 
-
-[8-client-auth-TLSv1-require-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-
 [8-client-auth-TLSv1-require-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
@@ -348,7 +253,6 @@ Protocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-8]
 ExpectedResult = Success
 
@@ -360,7 +264,6 @@ ssl_conf = 9-client-auth-TLSv1-noroot-ssl
 
 [9-client-auth-TLSv1-noroot-ssl]
 server = 9-client-auth-TLSv1-noroot-server
-server2 = 9-client-auth-TLSv1-noroot-server2
 client = 9-client-auth-TLSv1-noroot-client
 
 [9-client-auth-TLSv1-noroot-server]
@@ -370,15 +273,6 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 Protocol = TLSv1
 VerifyMode = Require
 
-
-[9-client-auth-TLSv1-noroot-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
-VerifyMode = Require
-
-
 [9-client-auth-TLSv1-noroot-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
@@ -387,7 +281,6 @@ Protocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-9]
 ExpectedResult = ServerFail
 ServerAlert = UnknownCA
@@ -400,7 +293,6 @@ ssl_conf = 10-server-auth-TLSv1.1-ssl
 
 [10-server-auth-TLSv1.1-ssl]
 server = 10-server-auth-TLSv1.1-server
-server2 = 10-server-auth-TLSv1.1-server2
 client = 10-server-auth-TLSv1.1-client
 
 [10-server-auth-TLSv1.1-server]
@@ -409,21 +301,12 @@ CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 Protocol = TLSv1.1
 
-
-[10-server-auth-TLSv1.1-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
-
-
 [10-server-auth-TLSv1.1-client]
 CipherString = DEFAULT
 Protocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-10]
 ExpectedResult = Success
 
@@ -435,7 +318,6 @@ ssl_conf = 11-client-auth-TLSv1.1-request-ssl
 
 [11-client-auth-TLSv1.1-request-ssl]
 server = 11-client-auth-TLSv1.1-request-server
-server2 = 11-client-auth-TLSv1.1-request-server2
 client = 11-client-auth-TLSv1.1-request-client
 
 [11-client-auth-TLSv1.1-request-server]
@@ -445,22 +327,12 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 Protocol = TLSv1.1
 VerifyMode = Request
 
-
-[11-client-auth-TLSv1.1-request-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
-VerifyMode = Request
-
-
 [11-client-auth-TLSv1.1-request-client]
 CipherString = DEFAULT
 Protocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-11]
 ExpectedResult = Success
 
@@ -472,7 +344,6 @@ ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl
 
 [12-client-auth-TLSv1.1-require-fail-ssl]
 server = 12-client-auth-TLSv1.1-require-fail-server
-server2 = 12-client-auth-TLSv1.1-require-fail-server2
 client = 12-client-auth-TLSv1.1-require-fail-client
 
 [12-client-auth-TLSv1.1-require-fail-server]
@@ -483,23 +354,12 @@ Protocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Require
 
-
-[12-client-auth-TLSv1.1-require-fail-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-
 [12-client-auth-TLSv1.1-require-fail-client]
 CipherString = DEFAULT
 Protocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-12]
 ExpectedResult = ServerFail
 ServerAlert = HandshakeFailure
@@ -512,7 +372,6 @@ ssl_conf = 13-client-auth-TLSv1.1-require-ssl
 
 [13-client-auth-TLSv1.1-require-ssl]
 server = 13-client-auth-TLSv1.1-require-server
-server2 = 13-client-auth-TLSv1.1-require-server2
 client = 13-client-auth-TLSv1.1-require-client
 
 [13-client-auth-TLSv1.1-require-server]
@@ -523,16 +382,6 @@ Protocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Request
 
-
-[13-client-auth-TLSv1.1-require-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-
 [13-client-auth-TLSv1.1-require-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
@@ -541,7 +390,6 @@ Protocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-13]
 ExpectedResult = Success
 
@@ -553,7 +401,6 @@ ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl
 
 [14-client-auth-TLSv1.1-noroot-ssl]
 server = 14-client-auth-TLSv1.1-noroot-server
-server2 = 14-client-auth-TLSv1.1-noroot-server2
 client = 14-client-auth-TLSv1.1-noroot-client
 
 [14-client-auth-TLSv1.1-noroot-server]
@@ -563,15 +410,6 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 Protocol = TLSv1.1
 VerifyMode = Require
 
-
-[14-client-auth-TLSv1.1-noroot-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
-VerifyMode = Require
-
-
 [14-client-auth-TLSv1.1-noroot-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
@@ -580,7 +418,6 @@ Protocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-14]
 ExpectedResult = ServerFail
 ServerAlert = UnknownCA
@@ -593,7 +430,6 @@ ssl_conf = 15-server-auth-TLSv1.2-ssl
 
 [15-server-auth-TLSv1.2-ssl]
 server = 15-server-auth-TLSv1.2-server
-server2 = 15-server-auth-TLSv1.2-server2
 client = 15-server-auth-TLSv1.2-client
 
 [15-server-auth-TLSv1.2-server]
@@ -602,21 +438,12 @@ CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 Protocol = TLSv1.2
 
-
-[15-server-auth-TLSv1.2-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
-
-
 [15-server-auth-TLSv1.2-client]
 CipherString = DEFAULT
 Protocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-15]
 ExpectedResult = Success
 
@@ -628,7 +455,6 @@ ssl_conf = 16-client-auth-TLSv1.2-request-ssl
 
 [16-client-auth-TLSv1.2-request-ssl]
 server = 16-client-auth-TLSv1.2-request-server
-server2 = 16-client-auth-TLSv1.2-request-server2
 client = 16-client-auth-TLSv1.2-request-client
 
 [16-client-auth-TLSv1.2-request-server]
@@ -638,22 +464,12 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 Protocol = TLSv1.2
 VerifyMode = Request
 
-
-[16-client-auth-TLSv1.2-request-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
-VerifyMode = Request
-
-
 [16-client-auth-TLSv1.2-request-client]
 CipherString = DEFAULT
 Protocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-16]
 ExpectedResult = Success
 
@@ -665,7 +481,6 @@ ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl
 
 [17-client-auth-TLSv1.2-require-fail-ssl]
 server = 17-client-auth-TLSv1.2-require-fail-server
-server2 = 17-client-auth-TLSv1.2-require-fail-server2
 client = 17-client-auth-TLSv1.2-require-fail-client
 
 [17-client-auth-TLSv1.2-require-fail-server]
@@ -676,23 +491,12 @@ Protocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Require
 
-
-[17-client-auth-TLSv1.2-require-fail-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-
 [17-client-auth-TLSv1.2-require-fail-client]
 CipherString = DEFAULT
 Protocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-17]
 ExpectedResult = ServerFail
 ServerAlert = HandshakeFailure
@@ -705,7 +509,6 @@ ssl_conf = 18-client-auth-TLSv1.2-require-ssl
 
 [18-client-auth-TLSv1.2-require-ssl]
 server = 18-client-auth-TLSv1.2-require-server
-server2 = 18-client-auth-TLSv1.2-require-server2
 client = 18-client-auth-TLSv1.2-require-client
 
 [18-client-auth-TLSv1.2-require-server]
@@ -716,16 +519,6 @@ Protocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Request
 
-
-[18-client-auth-TLSv1.2-require-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-
 [18-client-auth-TLSv1.2-require-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
@@ -734,7 +527,6 @@ Protocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-18]
 ExpectedResult = Success
 
@@ -746,7 +538,6 @@ ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl
 
 [19-client-auth-TLSv1.2-noroot-ssl]
 server = 19-client-auth-TLSv1.2-noroot-server
-server2 = 19-client-auth-TLSv1.2-noroot-server2
 client = 19-client-auth-TLSv1.2-noroot-client
 
 [19-client-auth-TLSv1.2-noroot-server]
@@ -756,15 +547,6 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 Protocol = TLSv1.2
 VerifyMode = Require
 
-
-[19-client-auth-TLSv1.2-noroot-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
-VerifyMode = Require
-
-
 [19-client-auth-TLSv1.2-noroot-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
@@ -773,7 +555,6 @@ Protocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-19]
 ExpectedResult = ServerFail
 ServerAlert = UnknownCA

test/ssl-tests/05-sni.conf

@@ -18,19 +18,16 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [0-SNI-default-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [0-SNI-default-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-0]
 ExpectedResult = Success
 ServerName = server2

test/ssl-tests/05-sni.conf.in

@@ -18,6 +18,7 @@ our @tests = (
     {
         name => "SNI-default",
         server => { },
+        server2 => { },
         client => { },
         test   => { "ServerName" => "server2",
 		    "ExpectedResult" => "Success" },

test/ssl-tests/06-sni-ticket.conf

@@ -35,21 +35,18 @@ CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [0-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [0-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-0]
 ExpectedResult = Success
 ServerName = server1
@@ -72,21 +69,18 @@ CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [1-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [1-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-1]
 ExpectedResult = Success
 ServerName = server1
@@ -109,21 +103,18 @@ CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [2-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [2-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-2]
 ExpectedResult = Success
 ServerName = server2
@@ -146,21 +137,18 @@ CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [3-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [3-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-3]
 ExpectedResult = Success
 ServerName = server1
@@ -183,21 +171,18 @@ CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [4-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [4-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-4]
 ExpectedResult = Success
 ServerName = server2
@@ -220,21 +205,18 @@ CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [5-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [5-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-5]
 ExpectedResult = Success
 ServerName = server1
@@ -257,21 +239,18 @@ CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [6-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [6-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-6]
 ExpectedResult = Success
 ServerName = server2
@@ -294,21 +273,18 @@ CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [7-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [7-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-7]
 ExpectedResult = Success
 ServerName = server1
@@ -331,21 +307,18 @@ CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [8-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [8-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-8]
 ExpectedResult = Success
 ServerName = server2
@@ -368,21 +341,18 @@ CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [9-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [9-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = -SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-9]
 ExpectedResult = Success
 ServerName = server1
@@ -405,21 +375,18 @@ CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [10-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [10-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = -SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-10]
 ExpectedResult = Success
 ServerName = server2
@@ -442,21 +409,18 @@ CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [11-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [11-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = -SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-11]
 ExpectedResult = Success
 ServerName = server1
@@ -479,21 +443,18 @@ CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [12-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [12-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = -SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-12]
 ExpectedResult = Success
 ServerName = server2
@@ -516,21 +477,18 @@ CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [13-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [13-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = -SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-13]
 ExpectedResult = Success
 ServerName = server1
@@ -553,21 +511,18 @@ CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [14-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [14-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = -SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-14]
 ExpectedResult = Success
 ServerName = server2
@@ -590,21 +545,18 @@ CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [15-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [15-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = -SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-15]
 ExpectedResult = Success
 ServerName = server1
@@ -627,21 +579,18 @@ CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [16-sni-session-ticket-server2]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
 [16-sni-session-ticket-client]
 CipherString = DEFAULT
 Options = -SessionTicket
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-16]
 ExpectedResult = Success
 ServerName = server2

test/ssl_test.c

@@ -176,11 +176,16 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
     SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL;
     SSL_TEST_CTX *test_ctx = NULL;
     HANDSHAKE_RESULT result;
+    const char *server2;
 
     test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app);
     if (test_ctx == NULL)
         goto err;
 
+    /* Use ServerName to detect if we're testing SNI. */
+    server2 = (test_ctx->servername != SSL_TEST_SERVERNAME_NONE) ? "server2"
+        : "server";
+
 #ifndef OPENSSL_NO_DTLS
     if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
         server_ctx = SSL_CTX_new(DTLS_server_method());
@@ -200,15 +205,11 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
     OPENSSL_assert(CONF_modules_load(conf, fixture.test_app, 0) > 0);
 
     if (!SSL_CTX_config(server_ctx, "server")
-        || !SSL_CTX_config(server2_ctx, "server2")
+        || !SSL_CTX_config(server2_ctx, server2)
         || !SSL_CTX_config(client_ctx, "client")) {
         goto err;
     }
 
-    test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app);
-    if (test_ctx == NULL)
-        goto err;
-
     result = do_handshake(server_ctx, server2_ctx, client_ctx, test_ctx);
 
     ret = check_test(result, test_ctx);

test/ssl_test.tmpl

@@ -2,8 +2,13 @@
 ssl_conf = {-$testname-}-ssl
 
 [{-$testname-}-ssl]
-server = {-$testname-}-server
-server2 = {-$testname-}-server2
+server = {-$testname-}-server{-
+    # The server2 section is optional.
+    $OUT = "";
+    if (%server2) {
+        $OUT .= "\nserver2 = $testname-server2";
+    }
+-}
 client = {-$testname-}-client
 
 [{-$testname-}-server]
@@ -11,22 +16,19 @@ client = {-$testname-}-client
     foreach my $key (sort keys %server) {
         $OUT .= qq{$key} . " = " . qq{$server{$key}\n} if defined $server{$key};
     }
--}
-
-[{-$testname-}-server2]
-{-
-    foreach my $key (sort keys %server2) {
-        $OUT .= qq{$key} . " = " . qq{$server2{$key}\n} if defined $server2{$key};
+    if (%server2) {
+        $OUT .= "\n[$testname-server2]\n";
+        foreach my $key (sort keys %server2) {
+            $OUT .= qq{$key} . " = " . qq{$server2{$key}\n} if defined $server2{$key};
+        }
     }
 -}
-
 [{-$testname-}-client]
 {-
     foreach my $key (sort keys %client) {
         $OUT .= qq{$key} . " = " . qq{$client{$key}\n} if defined $client{$key};
     }
 -}
-
 [test-{-$idx-}]
 {-
     foreach my $key (sort keys %test) {