Test NULL client CA lists.

The preceding client CA bug is actually almost unreachable since the
list is initialized to a non-NULL empty list. But if one tries hard
enough, a NULL one is possible.

Change-Id: I49e69511bf65b0178c4e0acdb887f8ba7d85faff
Reviewed-on: https://boringssl-review.googlesource.com/8769
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
David Benjamin 2016-07-13 19:47:39 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent 111533049d
commit 2f8935de0f
4 changed files with 21 additions and 0 deletions


@ -873,6 +873,10 @@ static ScopedSSL_CTX SetupCtx(const TestConfig *config) {
return nullptr;
}
if (config->use_null_client_ca_list) {
SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr);
}
return ssl_ctx;
}
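Review bot: The new `if (config->use_null_client_ca_list)` branch carries no comment saying why passing `nullptr` differs from the default, which the commit message describes as a non-NULL empty list. I would add above the call `// The default client CA list is a non-NULL empty list; replace it with NULL to exercise the NULL encoding path.` The branch sits directly before `return ssl_ctx;`, so nothing later in SetupCtx can reset the list. The start of the function is outside this hunk.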


@ -2681,6 +2681,21 @@ func addClientAuthTests() {
shouldFail: true,
expectedError: ":UNEXPECTED_MESSAGE:",
})
// Regression test for a bug where the client CA list, if explicitly
// set to NULL, was mis-encoded.
testCases = append(testCases, testCase{
testType: serverTest,
name: "Null-Client-CA-List",
config: Config{
MaxVersion: VersionTLS12,
Certificates: []Certificate{rsaCertificate},
},
flags: []string{
"-require-any-client-certificate",
"-use-null-client-ca-list",
},
})
}
func addExtendedMasterSecretTests() {
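Review bot: The `Null-Client-CA-List` case asserts nothing about the CertificateRequest itself and passes whenever the handshake completes. It therefore catches the mis-encoding only if the runner's client-side parser rejects the malformed message, which is not visible in this hunk. The comment should state that dependency, e.g. `// The runner fails the handshake if the CertificateRequest's CA list does not parse.` (to be confirmed against the runner's parser), and say why the case is pinned to `MaxVersion: VersionTLS12`. addClientAuthTests begins before the hunk.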


@ -102,6 +102,7 @@ const Flag<bool> kBoolFlags[] = {
{ "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime },
{ "-use-old-client-cert-callback",
&TestConfig::use_old_client_cert_callback },
{ "-use-null-client-ca-list", &TestConfig::use_null_client_ca_list },
};
const Flag<std::string> kStringFlags[] = {


@ -107,6 +107,7 @@ struct TestConfig {
int expect_dhe_group_size = 0;
bool use_old_client_cert_callback = false;
int initial_timeout_duration_ms = 0;
bool use_null_client_ca_list = false;
};
bool ParseConfig(int argc, char **argv, TestConfig *out_config);