JCE testing: skip WolfSSLSocketTest.testSNIMatchers() if less than wolfSSL 5.7.2

cconlon · cconlon · commit 73497035e6f4 · 2025-10-07T15:16:18.000-06:00
diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLSocketTest.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLSocketTest.java
@@ -179,7 +179,6 @@ public static void testSetupSocketFactory() throws NoSuchProviderException,
         try {
             tf = new WolfSSLTestFactory();
         } catch (WolfSSLException e) {
-            // TODO Auto-generated catch block
             e.printStackTrace();
         }
 
@@ -1034,8 +1033,9 @@ public void testExtendedThreadingUse()
 
         System.out.print("\tTesting ExtendedThreadingUse");
 
-        /* This test hangs on Android, marking TODO for later investigation. Seems to be
-         * something specific to the test code, not library proper. */
+        /* This test hangs on Android, marking TODO for later investigation.
+         * Seems to be something specific to the test code, not library
+         * proper. */
         if (WolfSSLTestFactory.isAndroid()) {
             System.out.println("\t... skipped");
             return;
@@ -1044,7 +1044,8 @@ public void testExtendedThreadingUse()
         /* Start up simple TLS test server */
         CountDownLatch serverOpenLatch = new CountDownLatch(1);
         InternalMultiThreadedSSLSocketServer server =
-            new InternalMultiThreadedSSLSocketServer(svrPort, serverOpenLatch, numThreads);
+            new InternalMultiThreadedSSLSocketServer(svrPort, serverOpenLatch,
+                numThreads);
         server.start();
 
         /* Wait for server thread to start up before connecting clients */
@@ -3402,16 +3403,30 @@ public void testAutoSNIProperty() throws Exception {
     public void testSNIMatchers() throws Exception {
 
         System.out.print("\tTesting SNI Matchers");
-    
+
+        /* SNI matcher functionality requires wolfSSL 5.7.2 or later.
+         * Older versions have a limitation where wolfSSL_SNI_GetRequest()
+         * only returns SNI data if native wolfSSL already matched it, but
+         * wolfJSSE relies on retrieving the SNI to do matching at the Java
+         * level. This was fixed in wolfSSL 5.7.2 by adding an ignoreStatus
+         * parameter to TLSX_SNI_GetRequest(). */
+        long libVerHex = WolfSSL.getLibVersionHex();
+        if (libVerHex < 0x05007002L) {
+            System.out.println("\t\t... skipped");
+            return;
+        }
+
         /* create new CTX */
         this.ctx = tf.createSSLContext("TLS", ctxProvider);
-    
+
         /* create SSLServerSocket first to get ephemeral port */
-        final SSLServerSocket ss = (SSLServerSocket)ctx.getServerSocketFactory()
-            .createServerSocket(0);
-    
+        final SSLServerSocket ss =
+            (SSLServerSocket)ctx.getServerSocketFactory()
+                .createServerSocket(0);
+
         /* Configure SNI matcher for server*/
-        SNIMatcher matcher = SNIHostName.createSNIMatcher("www\\.example\\.com");
+        SNIMatcher matcher =
+            SNIHostName.createSNIMatcher("www\\.example\\.com");
         Collection<SNIMatcher> matchers = new ArrayList<>();
         matchers.add(matcher);
         SSLParameters sp = ss.getSSLParameters();
@@ -3436,7 +3451,7 @@ public void testSNIMatchers() throws Exception {
             cs.setSSLParameters(cp);
 
             final SSLSocket serverMatched = (SSLSocket)ss.accept();
-        
+
             ExecutorService es = Executors.newSingleThreadExecutor();
             Future<Void> serverFuture = es.submit(new Callable<Void>() {
                 @Override
@@ -3451,10 +3466,10 @@ public Void call() throws Exception {
                     return null;
                 }
             });
-    
+
             cs.startHandshake();
             cs.close();
-    
+
             es.shutdown();
             serverFuture.get();
 
@@ -3473,7 +3488,7 @@ public Void call() throws Exception {
             cs.setSSLParameters(cp);
 
             final SSLSocket serverUnmatched = (SSLSocket)ss.accept();
-            
+
             es = Executors.newSingleThreadExecutor();
             serverFuture = es.submit(() -> {
                 try {
@@ -3499,7 +3514,8 @@ public Void call() throws Exception {
             System.out.println("\t\t... passed");
         } catch (Exception e) {
             System.out.println("\t\t... failed");
-            fail();
+            e.printStackTrace();
+            fail("SNI Matcher test failed: " + e.getMessage());
         } finally {
             ss.close();
         }
