
Add tests for certificate mismatch.

Cover another mildly interesting error case.

Change-Id: Ice773af79f5e03f39f0cd2a9e158bae03e065392
Reviewed-on: https://boringssl-review.googlesource.com/2841
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 9 yıl önce
committed by Adam Langley
ebeveyn
işleme
6095de8da2
3 değiştirilmiş dosya ile 32 ekleme ve 0 silme
  1. +5
    -0
      ssl/test/runner/common.go
  2. +3
    -0
      ssl/test/runner/handshake_server.go
  3. +24
    -0
      ssl/test/runner/runner.go

+ 5
- 0
ssl/test/runner/common.go

@@ -594,6 +594,11 @@ type ProtocolBugs struct {
// MaxPacketLength, if non-zero, is the maximum acceptable size for a
// packet.
MaxPacketLength int

// SendCipherSuite, if non-zero, is the cipher suite value that the
// server will send in the ServerHello. This does not affect the cipher
// the server believes it has actually negotiated.
SendCipherSuite uint16
}

func (c *Config) serverInit() {


+ 3
- 0
ssl/test/runner/handshake_server.go

@@ -444,6 +444,9 @@ func (hs *serverHandshakeState) doFullHandshake() error {

hs.hello.ticketSupported = hs.clientHello.ticketSupported && !config.SessionTicketsDisabled && c.vers > VersionSSL30
hs.hello.cipherSuite = hs.suite.id
if config.Bugs.SendCipherSuite != 0 {
hs.hello.cipherSuite = config.Bugs.SendCipherSuite
}
c.extendedMasterSecret = hs.hello.extendedMasterSecret

// Generate a session ID if we're to save the session.
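Review bot: The override at `if config.Bugs.SendCipherSuite != 0` rewrites only `hs.hello.cipherSuite` while `hs.suite` is left untouched, and nothing at this site says the divergence between the advertised and the negotiated suite is deliberate. A one-line comment such as `// Test-only: advertise a suite other than hs.suite; the rest of the handshake still uses hs.suite.` would keep a later reader from "correcting" it. The hunk sits inside doFullHandshake, whose body starts and ends outside the visible lines; whether a resumption ServerHello should honour the same bug cannot be seen from here and may be worth stating in the field's doc comment.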


+ 24
- 0
ssl/test/runner/runner.go

@@ -588,6 +588,30 @@ var testCases = []testCase{
shouldFail: true,
expectedLocalError: "dtls: exceeded maximum packet length",
},
{
name: "CertMismatchRSA",
config: Config{
CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
Certificates: []Certificate{getECDSACertificate()},
Bugs: ProtocolBugs{
SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
},
},
shouldFail: true,
expectedError: ":WRONG_CERTIFICATE_TYPE:",
},
{
name: "CertMismatchECDSA",
config: Config{
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Certificates: []Certificate{getRSACertificate()},
Bugs: ProtocolBugs{
SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
},
},
shouldFail: true,
expectedError: ":WRONG_CERTIFICATE_TYPE:",
},
}

func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, isResume bool) error {
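Review bot: The names `CertMismatchRSA` and `CertMismatchECDSA` do not say which side is mismatched: in the first entry the server is configured with an ECDSA suite and `getECDSACertificate()`, but the ServerHello claims `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, so "RSA" names the advertised suite rather than the certificate. A comment above each entry, for example `// ServerHello claims an RSA suite while the server presents an ECDSA certificate; the client must reject the certificate type.`, would make the intent readable without decoding the config. Both entries appear to run over the default protocol only; if the certificate-type check is shared with the DTLS path, a DTLS variant would pin that as well. The `testCases` literal starts outside the hunk.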

