Test that unknown TLS 1.3 ticket extensions are tolerated.
Change-Id: Ifcdbeab9291d1141605a09a1960702c792cffa86 Reviewed-on: https://boringssl-review.googlesource.com/11561 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
parent
1a5e8ecd64
commit
1286beef94
@ -100,6 +100,11 @@ const (
|
||||
extensionChannelID uint16 = 30032 // not IANA assigned
|
||||
)
|
||||
|
||||
// TLS ticket extension numbers
|
||||
const (
|
||||
ticketExtensionCustom uint16 = 1234 // not IANA assigned
|
||||
)
|
||||
|
||||
// TLS signaling cipher suite values
|
||||
const (
|
||||
scsvRenegotiation uint16 = 0x00ff
|
||||
@ -887,6 +892,10 @@ type ProtocolBugs struct {
|
||||
// of a custom extension.
|
||||
ExpectedCustomExtension *string
|
||||
|
||||
// CustomTicketExtension, if not empty, contains the contents of an
|
||||
// extension what will be added to NewSessionTicket in TLS 1.3.
|
||||
CustomTicketExtension string
|
||||
|
||||
// NoCloseNotify, if true, causes the close_notify alert to be skipped
|
||||
// on connection shutdown.
|
||||
NoCloseNotify bool
|
||||
|
@ -1718,6 +1718,7 @@ func (c *Conn) SendNewSessionTicket() error {
|
||||
ticketLifetime: uint32(24 * time.Hour / time.Second),
|
||||
keModes: []byte{pskDHEKEMode},
|
||||
authModes: []byte{pskAuthMode},
|
||||
customExtension: c.config.Bugs.CustomTicketExtension,
|
||||
}
|
||||
|
||||
if len(c.config.Bugs.SendPSKKeyExchangeModes) != 0 {
|
||||
|
@ -1825,6 +1825,7 @@ type newSessionTicketMsg struct {
|
||||
keModes []byte
|
||||
authModes []byte
|
||||
ticket []byte
|
||||
customExtension string
|
||||
hasGREASEExtension bool
|
||||
}
|
||||
|
||||
@ -1847,11 +1848,11 @@ func (m *newSessionTicketMsg) marshal() []byte {
|
||||
ticket.addBytes(m.ticket)
|
||||
|
||||
if m.version >= VersionTLS13 {
|
||||
// Send no extensions.
|
||||
//
|
||||
// TODO(davidben): Add an option to send a custom extension to
|
||||
// test we correctly ignore unknown ones.
|
||||
body.addU16(0)
|
||||
extensions := body.addU16LengthPrefixed()
|
||||
if len(m.customExtension) > 0 {
|
||||
extensions.addU16(ticketExtensionCustom)
|
||||
extensions.addU16LengthPrefixed().addBytes([]byte(m.customExtension))
|
||||
}
|
||||
}
|
||||
|
||||
m.raw = ticketMsg.finish()
|
||||
|
@ -8595,6 +8595,17 @@ func addTLS13HandshakeTests() {
|
||||
shouldFail: true,
|
||||
expectedError: ":PSK_IDENTITY_NOT_FOUND:",
|
||||
})
|
||||
|
||||
// Test that unknown NewSessionTicket extensions are tolerated.
|
||||
testCases = append(testCases, testCase{
|
||||
name: "TLS13-CustomTicketExtension",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
Bugs: ProtocolBugs{
|
||||
CustomTicketExtension: "1234",
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func addPeekTests() {
|
||||
|
Loading…
Reference in New Issue
Block a user