#/bin/bash
#
# Test --sni-nomatch-abort
#
. common.sh
set +o errexit

#PORT2=$(($RANDOM + 1024))

$HITCH $HITCH_ARGS --backend=[hitch-tls.org]:80 --frontend=[${LISTENADDR}]:$LISTENPORT \
	certs/site1.example.com certs/site2.example.com certs/default.example.com \
	--sni-nomatch-abort
test "$?" = "0" || die "Hitch did not start."

# No SNI - should not be affected.
echo -e "\n" | openssl s_client -prexit -connect $LISTENADDR:$LISTENPORT 2>/dev/null > $DUMPFILE
test "$?" = "0" || die "s_client failed"
grep -q -c "subject=/CN=default.example.com" $DUMPFILE
test "$?" = "0" || die "s_client got wrong certificate on listen port #1"

# SNI request w/ valid servername
echo -e "\n" | openssl s_client -servername site1.example.com -prexit -connect $LISTENADDR:$LISTENPORT 2>/dev/null > $DUMPFILE
test "$?" = "0" || die "s_client failed"
grep -q -c "subject=/CN=site1.example.com" $DUMPFILE
test "$?" = "0" || die "s_client got wrong certificate in listen port #2"

# SNI w/ unknown servername
echo | openssl s_client -servername invalid.example.com -prexit -connect $LISTENADDR:$LISTENPORT > $DUMPFILE 2>&1
test "$?" != "0" || die "s_client did NOT fail when it should have. "
grep -q -c "unrecognized name" $DUMPFILE
test "$?" = "0" || die "Expected 'unrecognized name' error."

CURL_EXTRA="--resolve site1.example.com:$LISTENPORT:127.0.0.1"
runcurl site1.example.com $LISTENPORT
