From 23849f09afde0825071be4158507121643c7603d Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 21 Aug 2018 21:30:42 -0500 Subject: [PATCH] Fix TLS 1.3 downgrade tests. The client downgrade detection tests were not asserting on the error (would have caught the missing error string). Additionally, Downgrade-FalseStart-Draft isn't testing what it's supposed to; it doesn't actually configure a draft version or anything. Fix that and have it use ALPN rather than NPN, to match the test above. Change-Id: I0b759385641aa00994a912303a6f5bd65522b4bb Reviewed-on: https://boringssl-review.googlesource.com/31204 Reviewed-by: Steven Valdez Commit-Queue: David Benjamin CQ-Verified: CQ bot account: commit-bot@chromium.org
---
 ssl/test/runner/runner.go | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 7c5b84cb..5955edaf 100644
--- ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -5902,6 +5902,7 @@ func addVersionNegotiationTests() {
 tls13Variant: TLS13RFC,
 expectedVersion: VersionTLS12,
 shouldFail: true,
+ expectedError: ":TLS13_DOWNGRADE:",
 expectedLocalError: "remote error: illegal parameter",
 })
 testCases = append(testCases, testCase{
@@ -5928,6 +5929,7 @@ func addVersionNegotiationTests() {
 tls13Variant: TLS13RFC,
 expectedVersion: VersionTLS11,
 shouldFail: true,
+ expectedError: ":TLS13_DOWNGRADE:",
 expectedLocalError: "remote error: illegal parameter",
 })
 testCases = append(testCases, testCase{
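Review bot: The `expectedError: ":TLS13_DOWNGRADE:"` assertion is added by hand to two cases whose visible tails differ only in `expectedVersion` (this hunk and the one at -5928), and that duplication is a likely reason the assertion was missing from both. Before this change the visible fields matched only the runner-side alert (`expectedLocalError`), so presumably any shim failure that sent illegal_parameter would have passed, whether or not downgrade detection was what rejected the handshake. Both test-case literals begin above their hunks, so this is inferred from what is shown. Consider building the two cases from a loop over the negotiated versions, and checking whether other `shouldFail: true` cases in addVersionNegotiationTests still lack an `expectedError`.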
@@ -5992,23 +5994,27 @@ func addVersionNegotiationTests() {
 expectedLocalError: "tls: peer did not false start: EOF",
 })
+ // Test that draft TLS 1.3 versions do not trigger disabling False Start.
 testCases = append(testCases, testCase{
 name: "Downgrade-FalseStart-Draft",
 config: Config{
 MaxVersion: VersionTLS13,
- CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ TLS13Variant: TLS13RFC,
 NextProtos: []string{"foo"},
 Bugs: ProtocolBugs{
 ExpectFalseStart: true,
 },
 },
+ expectedVersion: VersionTLS12,
 flags: []string{
 "-false-start",
- "-select-next-proto", "foo",
- "-max-version", strconv.Itoa(VersionTLS12),
+ "-advertise-alpn", "\x03foo",
+ "-expect-alpn", "foo",
+ "-ignore-tls13-downgrade",
+ "-tls13-variant", strconv.Itoa(TLS13Draft28),
+ "-max-version", strconv.Itoa(VersionTLS13),
 },
 shimWritesFirst: true,
- resumeSession: true,
 })
 // SSL 3.0 support has been removed. Test that the shim does not
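Review bot: The one-line comment added above Downgrade-FalseStart-Draft does not say how the case ends up at TLS 1.2 or why `-ignore-tls13-downgrade` is passed, and a reader needs both to know what the test proves. From the visible lines the runner is set to `TLS13Variant: TLS13RFC` while the shim gets `-tls13-variant` with `TLS13Draft28`, so the variant mismatch is presumably what produces `expectedVersion: VersionTLS12`. I would extend the comment along the lines of `// The runner offers the RFC variant and the shim only a draft, so they fall back to TLS 1.2; the shim must still False Start.` and add a sentence on what the ignore flag contributes here. The hunk also drops `resumeSession: true`, which the description does not mention, so if resumption coverage was intended for this case it is lost. The enclosing function starts and ends outside the hunk.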