From 3729b12fae8aea1b5551d64ec79f638f92da9627 Mon Sep 17 00:00:00 2001
From: kaleb-himes
Date: Thu, 30 Aug 2018 14:44:49 -0600
Subject: [PATCH] Address issues when testing with WOLFSSL_OCSP_TEST set
---
 examples/client/client.c | 8 ++++++++
 scripts/ocsp.test | 38 ++++++++++++++++++++++++++++----------
 2 files changed, 36 insertions(+), 10 deletions(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index 4635e49d6..f8e230c85 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1297,6 +1297,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 break;
 case 'S' :
+ if (XSTRNCMP(myoptarg, "check", 5) == 0) {
+ #ifdef HAVE_SNI
+ printf("SNI is: ON\n");
+ #else
+ printf("SNI is: OFF\n");
+ #endif
+ XEXIT_T(EXIT_SUCCESS);
+ }
 #ifdef HAVE_SNI
 sniHostName = myoptarg;
 #endif
diff --git a/scripts/ocsp.test b/scripts/ocsp.test
index e16aa8f22..f637efffe 100755
--- a/scripts/ocsp.test
+++ b/scripts/ocsp.test
@@ -1,6 +1,6 @@
 #!/bin/sh
-# ocsp-stapling.test
+# ocsp.test
 server=www.globalsign.com
 ca=certs/external/ca-globalsign-root.pem
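Review bot: In examples/client/client.c, the new `-S check` probe under `case 'S'` is a five-character prefix match, so any SNI host name that merely begins with "check" (constructed example: `checkout.example.com`) prints the SNI status and exits with EXIT_SUCCESS without ever connecting. A script passing such a host would see a passing exit code for a handshake that never ran. Compare the terminator as well, `if (XSTRNCMP(myoptarg, "check", 6) == 0) {`, and add a comment such as `/* "-S check" only reports whether SNI is compiled in, then exits */`. The client's usage text, which is outside this hunk, should presumably mention the keyword too; client_test starts and ends outside the hunk.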
@@ -15,16 +15,30 @@ if [ $? -eq 0 ]; then
 exit 0
 fi
-# is our desired server there?
-./scripts/ping.test $server 2
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
- # client test against the server
- ./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N
- GL_RESULT=$?
- [ $GL_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
+# Global Sign now requires server name indication extension to work, check
+# enabled prior to testing
+OUTPUT=$(eval "./examples/client/client -S check")
+if [ "$OUTPUT" = "SNI is: ON" ]; then
+ printf '\n\n%s\n\n' "SNI is on, proceed with globalsign test"
+
+ # is our desired server there?
+ ./scripts/ping.test $server 2
+ RESULT=$?
+ if [ $RESULT -ne 0 ]; then
+ GL_UNREACHABLE=1
+ fi
+
+ if [ $RESULT -eq 0 ]; then
+ # client test against the server
+ ./examples/client/client -X -C -h $server -p 443 -A $ca -g -o -N -v d -S $server
+ GL_RESULT=$?
+ [ $GL_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
+ else
+ GL_RESULT=1
+ fi
 else
- GL_RESULT=1
+ printf '\n\n%s\n\n' "SNI disabled, skipping globalsign test"
+ GL_RESULT=0
 fi
 server=www.google.com
@@ -48,6 +62,10 @@ if test -n "$WOLFSSL_OCSP_TEST"; then
 printf '\n\n%s\n' "Both OCSP connection to globalsign and google passed"
 printf '%s\n' "Test Passed!"
 exit 0
+ elif [ $GL_UNREACHABLE -eq 1 ] && [ $GR_RESULT -eq 0 ]; then
+ printf '%s\n' "Global Sign is currently unreachable. Logging it but if"
+ printf '%s\n' "this continues to occur should be investigated"
+ exit 0
 else
 # Unlike other environment variables the intent of WOLFSSL_OCSP_TEST
 # is to indicate a requirement for both tests to pass. If variable is
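Review bot: In the `@@ -15,16 +15,30 @@` hunk of scripts/ocsp.test, the outer `else` of the new `if [ "$OUTPUT" = "SNI is: ON" ]` treats every other outcome as "SNI disabled" and sets `GL_RESULT=0`. A client that fails to start, crashes, or prints anything besides the expected line is therefore recorded as a globalsign pass. Match the negative answer explicitly with `elif [ "$OUTPUT" = "SNI is: OFF" ]; then` for the skip, and let a final `else` set `GL_RESULT=1` so an unexpected probe result fails the test. The `eval` around the probe adds nothing and can be dropped: `OUTPUT=$(./examples/client/client -S check)`.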
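Review bot: In the `@@ -48,6 +62,10 @@` hunk, `GL_UNREACHABLE` in the new `elif` is, as far as the visible hunks show, only ever assigned (to 1) when the ping fails. On every other path `[ $GL_UNREACHABLE -eq 1 ]` expands to `[ -eq 1 ]`, which makes `[` report an error rather than cleanly evaluate to false. Initialise it before the SNI check with `GL_UNREACHABLE=0`, or test it as `[ "${GL_UNREACHABLE:-0}" -eq 1 ]`. Separately, this branch exits 0 although the comment just below says WOLFSSL_OCSP_TEST requires both tests to pass, and the only record is the two printf lines; a comment such as `# unreachable responder is deliberately treated as a pass` would make the exception explicit. The enclosing `if test -n "$WOLFSSL_OCSP_TEST"` block continues past the hunk.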