#/bin/bash
#
# Test multiple certificates (SNI) on a listening socket.
#
# This implements T4 in the original test plan.
. common.sh
set +o errexit

#PORT2=$(($RANDOM + 1024))

$HITCH $HITCH_ARGS --backend=[hitch-tls.org]:80 --frontend=[${LISTENADDR}]:$LISTENPORT \
	certs/site1.example.com certs/site2.example.com certs/default.example.com
test "$?" = "0" || die "Hitch did not start."

echo -e "\n" | openssl s_client -prexit -connect $LISTENADDR:$LISTENPORT 2>/dev/null > $DUMPFILE
test "$?" = "0" || die "s_client failed"
grep -q -c "subject=/CN=default.example.com" $DUMPFILE
test "$?" = "0" || die "s_client got wrong certificate on listen port #1"

# send a SNI request
echo -e "\n" | openssl s_client -servername site1.example.com -prexit -connect $LISTENADDR:$LISTENPORT 2>/dev/null > $DUMPFILE
test "$?" = "0" || die "s_client failed"
grep -q -c "subject=/CN=site1.example.com" $DUMPFILE
test "$?" = "0" || die "s_client got wrong certificate in listen port #2"

runcurl $LISTENADDR $LISTENPORT
