#!/bin/sh

# Use the service as a slave service (a name-based virtual server) for Server Name Indication TLS extension.
# SERVICE_NAME (server_virtual) specifies the master service that accepts client connections with the accept option.
# SERVER_NAME_PATTERN (*.mydomain.com) specifies the host name to be redirected.
# The success is expected because the client presents the sni pattern (sni.mydomain.com)
# corresponding with SERVER_NAME_PATTERN (*.mydomain.com).

. $(dirname $0)/../test_library

start() {
  ../../src/stunnel -fd 0 <<EOT
  debug = debug
  syslog = no
  pid = ${result_path}/stunnel.pid
  output = ${result_path}/stunnel.log

  [client]
  client = yes
  accept = 127.0.0.1:${http1}
  connect = 127.0.0.1:${https1}
  sni = sni.mydomain.com
  cert = ${script_path}/certs/client_cert.pem

  [server_virtual]
  accept = 127.0.0.1:${https1}
  cert = ${script_path}/certs/server_cert.pem
  exec = ${script_path}/execute
  execArgs = execute 035_SNI_error

  [sni]
  sni = server_virtual:*.mydomain.com
  cert = ${script_path}/certs/server_cert.pem
  exec = ${script_path}/execute
  execArgs = execute 035_SNI
  verifyPeer = yes
  CAfile = ${script_path}/certs/PeerCerts.pem
EOT
}

if grep -q -e "OpenSSL [1-9]" "results.log"
  then
    test_log_for "035_SNI" "execute" "0" "$1" "$2" "$3" 2>> "stderr.log"
    exit $?
  else # older OpenSSL doesn't support sni
    exit_logs "035_SNI" "skipped"
    clean_logs
    exit 125
  fi
