kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Run extensions tests at all versions.

Browse Source 
This way we can test them at TLS 1.3 as well. The tests for extensions
which will not exist in TLS 1.3 are intentionally skipped, though the
commit which adds TLS 1.3 will want to add negative tests for them.

Change-Id: I41784298cae44eb6c27b13badae700ad02f9c721
Reviewed-on: https://boringssl-review.googlesource.com/8788
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2016-07-14 16:12:00 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent 46f94bdc30
commit 97d17d94e5
1 changed files with 418 additions and 385 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

803
ssl/test/runner/runner.go
View File

@ -3742,406 +3742,439 @@ func addExtensionTests() {
// halves to EncryptedExtensions in TLS 1.3. Duplicate each of these // halves to EncryptedExtensions in TLS 1.3. Duplicate each of these
// tests for both. Also test interaction with 0-RTT when implemented. // tests for both. Also test interaction with 0-RTT when implemented.
testCases = append(testCases, testCase{ // Repeat extensions tests all versions except SSL 3.0.
testType: clientTest, for _, ver := range tlsVersions {
name: "DuplicateExtensionClient", if ver.version == VersionSSL30 {
config: Config{ continue
MaxVersion: VersionTLS12, }
Bugs: ProtocolBugs{
DuplicateExtension: true, // TODO(davidben): Implement resumption in TLS 1.3.
resumeSession := ver.version < VersionTLS13
// Test that duplicate extensions are rejected.
testCases = append(testCases, testCase{
testType: clientTest,
name: "DuplicateExtensionClient-" + ver.name,
config: Config{
MaxVersion: ver.version,
Bugs: ProtocolBugs{
DuplicateExtension: true,
},
}, },
}, shouldFail: true,
shouldFail: true, expectedLocalError: "remote error: error decoding message",
expectedLocalError: "remote error: error decoding message", })
}) testCases = append(testCases, testCase{
testCases = append(testCases, testCase{ testType: serverTest,
testType: serverTest, name: "DuplicateExtensionServer-" + ver.name,
name: "DuplicateExtensionServer", config: Config{
config: Config{ MaxVersion: ver.version,
MaxVersion: VersionTLS12, Bugs: ProtocolBugs{
Bugs: ProtocolBugs{ DuplicateExtension: true,
DuplicateExtension: true, },
}, },
}, shouldFail: true,
shouldFail: true, expectedLocalError: "remote error: error decoding message",
expectedLocalError: "remote error: error decoding message", })
})
testCases = append(testCases, testCase{ // Test SNI.
testType: clientTest, testCases = append(testCases, testCase{
name: "ServerNameExtensionClient", testType: clientTest,
config: Config{ name: "ServerNameExtensionClient-" + ver.name,
MaxVersion: VersionTLS12, config: Config{
Bugs: ProtocolBugs{ MaxVersion: ver.version,
ExpectServerName: "example.com", Bugs: ProtocolBugs{
ExpectServerName: "example.com",
},
}, },
}, flags: []string{"-host-name", "example.com"},
flags: []string{"-host-name", "example.com"}, })
}) testCases = append(testCases, testCase{
testCases = append(testCases, testCase{ testType: clientTest,
testType: clientTest, name: "ServerNameExtensionClientMismatch-" + ver.name,
name: "ServerNameExtensionClientMismatch", config: Config{
config: Config{ MaxVersion: ver.version,
MaxVersion: VersionTLS12, Bugs: ProtocolBugs{
Bugs: ProtocolBugs{ ExpectServerName: "mismatch.com",
ExpectServerName: "mismatch.com", },
}, },
}, flags: []string{"-host-name", "example.com"},
flags: []string{"-host-name", "example.com"}, shouldFail: true,
shouldFail: true, expectedLocalError: "tls: unexpected server name",
expectedLocalError: "tls: unexpected server name", })
}) testCases = append(testCases, testCase{
testCases = append(testCases, testCase{ testType: clientTest,
testType: clientTest, name: "ServerNameExtensionClientMissing-" + ver.name,
name: "ServerNameExtensionClientMissing", config: Config{
config: Config{ MaxVersion: ver.version,
MaxVersion: VersionTLS12, Bugs: ProtocolBugs{
Bugs: ProtocolBugs{ ExpectServerName: "missing.com",
ExpectServerName: "missing.com", },
}, },
}, shouldFail: true,
shouldFail: true, expectedLocalError: "tls: unexpected server name",
expectedLocalError: "tls: unexpected server name", })
}) testCases = append(testCases, testCase{
testCases = append(testCases, testCase{ testType: serverTest,
testType: serverTest, name: "ServerNameExtensionServer-" + ver.name,
name: "ServerNameExtensionServer", config: Config{
config: Config{ MaxVersion: ver.version,
MaxVersion: VersionTLS12, ServerName: "example.com",
ServerName: "example.com",
},
flags: []string{"-expect-server-name", "example.com"},
resumeSession: true,
})
testCases = append(testCases, testCase{
testType: clientTest,
name: "ALPNClient",
config: Config{
MaxVersion: VersionTLS12,
NextProtos: []string{"foo"},
},
flags: []string{
"-advertise-alpn", "\x03foo\x03bar\x03baz",
"-expect-alpn", "foo",
},
expectedNextProto: "foo",
expectedNextProtoType: alpn,
resumeSession: true,
})
testCases = append(testCases, testCase{
testType: serverTest,
name: "ALPNServer",
config: Config{
MaxVersion: VersionTLS12,
NextProtos: []string{"foo", "bar", "baz"},
},
flags: []string{
"-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
"-select-alpn", "foo",
},
expectedNextProto: "foo",
expectedNextProtoType: alpn,
resumeSession: true,
})
testCases = append(testCases, testCase{
testType: serverTest,
name: "ALPNServer-Decline",
config: Config{
MaxVersion: VersionTLS12,
NextProtos: []string{"foo", "bar", "baz"},
},
flags: []string{"-decline-alpn"},
expectNoNextProto: true,
resumeSession: true,
})
// Test that the server prefers ALPN over NPN.
testCases = append(testCases, testCase{
testType: serverTest,
name: "ALPNServer-Preferred",
config: Config{
MaxVersion: VersionTLS12,
NextProtos: []string{"foo", "bar", "baz"},
},
flags: []string{
"-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
"-select-alpn", "foo",
"-advertise-npn", "\x03foo\x03bar\x03baz",
},
expectedNextProto: "foo",
expectedNextProtoType: alpn,
resumeSession: true,
})
testCases = append(testCases, testCase{
testType: serverTest,
name: "ALPNServer-Preferred-Swapped",
config: Config{
MaxVersion: VersionTLS12,
NextProtos: []string{"foo", "bar", "baz"},
Bugs: ProtocolBugs{
SwapNPNAndALPN: true,
}, },
}, flags: []string{"-expect-server-name", "example.com"},
flags: []string{ resumeSession: resumeSession,
"-expect-advertised-alpn", "\x03foo\x03bar\x03baz", })
"-select-alpn", "foo",
"-advertise-npn", "\x03foo\x03bar\x03baz", // Test ALPN.
}, testCases = append(testCases, testCase{
expectedNextProto: "foo", testType: clientTest,
expectedNextProtoType: alpn, name: "ALPNClient-" + ver.name,
resumeSession: true, config: Config{
}) MaxVersion: ver.version,
var emptyString string NextProtos: []string{"foo"},
testCases = append(testCases, testCase{ },
testType: clientTest, flags: []string{
name: "ALPNClient-EmptyProtocolName", "-advertise-alpn", "\x03foo\x03bar\x03baz",
config: Config{ "-expect-alpn", "foo",
MaxVersion: VersionTLS12, },
NextProtos: []string{""}, expectedNextProto: "foo",
Bugs: ProtocolBugs{ expectedNextProtoType: alpn,
// A server returning an empty ALPN protocol resumeSession: resumeSession,
})
testCases = append(testCases, testCase{
testType: serverTest,
name: "ALPNServer-" + ver.name,
config: Config{
MaxVersion: ver.version,
NextProtos: []string{"foo", "bar", "baz"},
},
flags: []string{
"-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
"-select-alpn", "foo",
},
expectedNextProto: "foo",
expectedNextProtoType: alpn,
resumeSession: resumeSession,
})
testCases = append(testCases, testCase{
testType: serverTest,
name: "ALPNServer-Decline-" + ver.name,
config: Config{
MaxVersion: ver.version,
NextProtos: []string{"foo", "bar", "baz"},
},
flags: []string{"-decline-alpn"},
expectNoNextProto: true,
resumeSession: resumeSession,
})
var emptyString string
testCases = append(testCases, testCase{
testType: clientTest,
name: "ALPNClient-EmptyProtocolName-" + ver.name,
config: Config{
MaxVersion: ver.version,
NextProtos: []string{""},
Bugs: ProtocolBugs{
// A server returning an empty ALPN protocol
// should be rejected.
ALPNProtocol: &emptyString,
},
},
flags: []string{
"-advertise-alpn", "\x03foo",
},
shouldFail: true,
expectedError: ":PARSE_TLSEXT:",
})
testCases = append(testCases, testCase{
testType: serverTest,
name: "ALPNServer-EmptyProtocolName-" + ver.name,
config: Config{
MaxVersion: ver.version,
// A ClientHello containing an empty ALPN protocol
// should be rejected. // should be rejected.
ALPNProtocol: &emptyString, NextProtos: []string{"foo", "", "baz"},
}, },
}, flags: []string{
flags: []string{ "-select-alpn", "foo",
"-advertise-alpn", "\x03foo",
},
shouldFail: true,
expectedError: ":PARSE_TLSEXT:",
})
testCases = append(testCases, testCase{
testType: serverTest,
name: "ALPNServer-EmptyProtocolName",
config: Config{
MaxVersion: VersionTLS12,
// A ClientHello containing an empty ALPN protocol
// should be rejected.
NextProtos: []string{"foo", "", "baz"},
},
flags: []string{
"-select-alpn", "foo",
},
shouldFail: true,
expectedError: ":PARSE_TLSEXT:",
})
// Test that negotiating both NPN and ALPN is forbidden.
testCases = append(testCases, testCase{
name: "NegotiateALPNAndNPN",
config: Config{
MaxVersion: VersionTLS12,
NextProtos: []string{"foo", "bar", "baz"},
Bugs: ProtocolBugs{
NegotiateALPNAndNPN: true,
}, },
}, shouldFail: true,
flags: []string{ expectedError: ":PARSE_TLSEXT:",
"-advertise-alpn", "\x03foo", })
"-select-next-proto", "foo",
}, // Test NPN and the interaction with ALPN.
shouldFail: true, if ver.version < VersionTLS13 {
expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:", // Test that the server prefers ALPN over NPN.
}) testCases = append(testCases, testCase{
testCases = append(testCases, testCase{ testType: serverTest,
name: "NegotiateALPNAndNPN-Swapped", name: "ALPNServer-Preferred-" + ver.name,
config: Config{ config: Config{
MaxVersion: VersionTLS12, MaxVersion: ver.version,
NextProtos: []string{"foo", "bar", "baz"}, NextProtos: []string{"foo", "bar", "baz"},
Bugs: ProtocolBugs{ },
NegotiateALPNAndNPN: true, flags: []string{
SwapNPNAndALPN: true, "-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
"-select-alpn", "foo",
"-advertise-npn", "\x03foo\x03bar\x03baz",
},
expectedNextProto: "foo",
expectedNextProtoType: alpn,
resumeSession: resumeSession,
})
testCases = append(testCases, testCase{
testType: serverTest,
name: "ALPNServer-Preferred-Swapped-" + ver.name,
config: Config{
MaxVersion: ver.version,
NextProtos: []string{"foo", "bar", "baz"},
Bugs: ProtocolBugs{
SwapNPNAndALPN: true,
},
},
flags: []string{
"-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
"-select-alpn", "foo",
"-advertise-npn", "\x03foo\x03bar\x03baz",
},
expectedNextProto: "foo",
expectedNextProtoType: alpn,
resumeSession: resumeSession,
})
// Test that negotiating both NPN and ALPN is forbidden.
testCases = append(testCases, testCase{
name: "NegotiateALPNAndNPN-" + ver.name,
config: Config{
MaxVersion: ver.version,
NextProtos: []string{"foo", "bar", "baz"},
Bugs: ProtocolBugs{
NegotiateALPNAndNPN: true,
},
},
flags: []string{
"-advertise-alpn", "\x03foo",
"-select-next-proto", "foo",
},
shouldFail: true,
expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
})
testCases = append(testCases, testCase{
name: "NegotiateALPNAndNPN-Swapped-" + ver.name,
config: Config{
MaxVersion: ver.version,
NextProtos: []string{"foo", "bar", "baz"},
Bugs: ProtocolBugs{
NegotiateALPNAndNPN: true,
SwapNPNAndALPN: true,
},
},
flags: []string{
"-advertise-alpn", "\x03foo",
"-select-next-proto", "foo",
},
shouldFail: true,
expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
})
// Test that NPN can be disabled with SSL_OP_DISABLE_NPN.
testCases = append(testCases, testCase{
name: "DisableNPN-" + ver.name,
config: Config{
MaxVersion: ver.version,
NextProtos: []string{"foo"},
},
flags: []string{
"-select-next-proto", "foo",
"-disable-npn",
},
expectNoNextProto: true,
})
}
// Test ticket behavior.
//
// TODO(davidben): Add TLS 1.3 versions of these.
if ver.version < VersionTLS13 {
// Resume with a corrupt ticket.
testCases = append(testCases, testCase{
testType: serverTest,
name: "CorruptTicket-" + ver.name,
config: Config{
MaxVersion: ver.version,
Bugs: ProtocolBugs{
CorruptTicket: true,
},
},
resumeSession: true,
expectResumeRejected: true,
})
// Test the ticket callback, with and without renewal.
testCases = append(testCases, testCase{
testType: serverTest,
name: "TicketCallback-" + ver.name,
config: Config{
MaxVersion: ver.version,
},
resumeSession: true,
flags: []string{"-use-ticket-callback"},
})
testCases = append(testCases, testCase{
testType: serverTest,
name: "TicketCallback-Renew-" + ver.name,
config: Config{
MaxVersion: ver.version,
Bugs: ProtocolBugs{
ExpectNewTicket: true,
},
},
flags: []string{"-use-ticket-callback", "-renew-ticket"},
resumeSession: true,
})
// Resume with an oversized session id.
testCases = append(testCases, testCase{
testType: serverTest,
name: "OversizedSessionId-" + ver.name,
config: Config{
MaxVersion: ver.version,
Bugs: ProtocolBugs{
OversizedSessionId: true,
},
},
resumeSession: true,
shouldFail: true,
expectedError: ":DECODE_ERROR:",
})
}
// Basic DTLS-SRTP tests. Include fake profiles to ensure they
// are ignored.
if ver.hasDTLS {
testCases = append(testCases, testCase{
protocol: dtls,
name: "SRTP-Client-" + ver.name,
config: Config{
MaxVersion: ver.version,
SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
},
flags: []string{
"-srtp-profiles",
"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
},
expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
})
testCases = append(testCases, testCase{
protocol: dtls,
testType: serverTest,
name: "SRTP-Server-" + ver.name,
config: Config{
MaxVersion: ver.version,
SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
},
flags: []string{
"-srtp-profiles",
"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
},
expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
})
// Test that the MKI is ignored.
testCases = append(testCases, testCase{
protocol: dtls,
testType: serverTest,
name: "SRTP-Server-IgnoreMKI-" + ver.name,
config: Config{
MaxVersion: ver.version,
SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
Bugs: ProtocolBugs{
SRTPMasterKeyIdentifer: "bogus",
},
},
flags: []string{
"-srtp-profiles",
"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
},
expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
})
// Test that SRTP isn't negotiated on the server if there were
// no matching profiles.
testCases = append(testCases, testCase{
protocol: dtls,
testType: serverTest,
name: "SRTP-Server-NoMatch-" + ver.name,
config: Config{
MaxVersion: ver.version,
SRTPProtectionProfiles: []uint16{100, 101, 102},
},
flags: []string{
"-srtp-profiles",
"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
},
expectedSRTPProtectionProfile: 0,
})
// Test that the server returning an invalid SRTP profile is
// flagged as an error by the client.
testCases = append(testCases, testCase{
protocol: dtls,
name: "SRTP-Client-NoMatch-" + ver.name,
config: Config{
MaxVersion: ver.version,
Bugs: ProtocolBugs{
SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
},
},
flags: []string{
"-srtp-profiles",
"SRTP_AES128_CM_SHA1_80",
},
shouldFail: true,
expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
})
}
// Test SCT list.
testCases = append(testCases, testCase{
name: "SignedCertificateTimestampList-Client-" + ver.name,
testType: clientTest,
config: Config{
MaxVersion: ver.version,
}, },
}, flags: []string{
flags: []string{ "-enable-signed-cert-timestamps",
"-advertise-alpn", "\x03foo", "-expect-signed-cert-timestamps",
"-select-next-proto", "foo", base64.StdEncoding.EncodeToString(testSCTList),
},
shouldFail: true,
expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
})
// Test that NPN can be disabled with SSL_OP_DISABLE_NPN.
testCases = append(testCases, testCase{
name: "DisableNPN",
config: Config{
MaxVersion: VersionTLS12,
NextProtos: []string{"foo"},
},
flags: []string{
"-select-next-proto", "foo",
"-disable-npn",
},
expectNoNextProto: true,
})
// Resume with a corrupt ticket.
testCases = append(testCases, testCase{
testType: serverTest,
name: "CorruptTicket",
config: Config{
MaxVersion: VersionTLS12,
Bugs: ProtocolBugs{
CorruptTicket: true,
}, },
}, resumeSession: resumeSession,
resumeSession: true, })
expectResumeRejected: true, testCases = append(testCases, testCase{
}) name: "SendSCTListOnResume-" + ver.name,
// Test the ticket callback, with and without renewal. config: Config{
testCases = append(testCases, testCase{ MaxVersion: ver.version,
testType: serverTest, Bugs: ProtocolBugs{
name: "TicketCallback", SendSCTListOnResume: []byte("bogus"),
config: Config{ },
MaxVersion: VersionTLS12,
},
resumeSession: true,
flags: []string{"-use-ticket-callback"},
})
testCases = append(testCases, testCase{
testType: serverTest,
name: "TicketCallback-Renew",
config: Config{
MaxVersion: VersionTLS12,
Bugs: ProtocolBugs{
ExpectNewTicket: true,
}, },
}, flags: []string{
flags: []string{"-use-ticket-callback", "-renew-ticket"}, "-enable-signed-cert-timestamps",
resumeSession: true, "-expect-signed-cert-timestamps",
}) base64.StdEncoding.EncodeToString(testSCTList),
// Resume with an oversized session id.
testCases = append(testCases, testCase{
testType: serverTest,
name: "OversizedSessionId",
config: Config{
MaxVersion: VersionTLS12,
Bugs: ProtocolBugs{
OversizedSessionId: true,
}, },
}, resumeSession: resumeSession,
resumeSession: true, })
shouldFail: true, testCases = append(testCases, testCase{
expectedError: ":DECODE_ERROR:", name: "SignedCertificateTimestampList-Server-" + ver.name,
}) testType: serverTest,
// Basic DTLS-SRTP tests. Include fake profiles to ensure they config: Config{
// are ignored. MaxVersion: ver.version,
testCases = append(testCases, testCase{
protocol: dtls,
name: "SRTP-Client",
config: Config{
MaxVersion: VersionTLS12,
SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
},
flags: []string{
"-srtp-profiles",
"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
},
expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
})
testCases = append(testCases, testCase{
protocol: dtls,
testType: serverTest,
name: "SRTP-Server",
config: Config{
MaxVersion: VersionTLS12,
SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
},
flags: []string{
"-srtp-profiles",
"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
},
expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
})
// Test that the MKI is ignored.
testCases = append(testCases, testCase{
protocol: dtls,
testType: serverTest,
name: "SRTP-Server-IgnoreMKI",
config: Config{
MaxVersion: VersionTLS12,
SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
Bugs: ProtocolBugs{
SRTPMasterKeyIdentifer: "bogus",
}, },
}, flags: []string{
flags: []string{ "-signed-cert-timestamps",
"-srtp-profiles", base64.StdEncoding.EncodeToString(testSCTList),
"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
},
expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
})
// Test that SRTP isn't negotiated on the server if there were
// no matching profiles.
testCases = append(testCases, testCase{
protocol: dtls,
testType: serverTest,
name: "SRTP-Server-NoMatch",
config: Config{
MaxVersion: VersionTLS12,
SRTPProtectionProfiles: []uint16{100, 101, 102},
},
flags: []string{
"-srtp-profiles",
"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
},
expectedSRTPProtectionProfile: 0,
})
// Test that the server returning an invalid SRTP profile is
// flagged as an error by the client.
testCases = append(testCases, testCase{
protocol: dtls,
name: "SRTP-Client-NoMatch",
config: Config{
MaxVersion: VersionTLS12,
Bugs: ProtocolBugs{
SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
}, },
}, expectedSCTList: testSCTList,
flags: []string{ resumeSession: resumeSession,
"-srtp-profiles", })
"SRTP_AES128_CM_SHA1_80", }
},
shouldFail: true,
expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
})
// Test SCT list.
testCases = append(testCases, testCase{
name: "SignedCertificateTimestampList-Client",
testType: clientTest,
config: Config{
MaxVersion: VersionTLS12,
},
flags: []string{
"-enable-signed-cert-timestamps",
"-expect-signed-cert-timestamps",
base64.StdEncoding.EncodeToString(testSCTList),
},
resumeSession: true,
})
testCases = append(testCases, testCase{
name: "SendSCTListOnResume",
config: Config{
MaxVersion: VersionTLS12,
Bugs: ProtocolBugs{
SendSCTListOnResume: []byte("bogus"),
},
},
flags: []string{
"-enable-signed-cert-timestamps",
"-expect-signed-cert-timestamps",
base64.StdEncoding.EncodeToString(testSCTList),
},
resumeSession: true,
})
testCases = append(testCases, testCase{
name: "SignedCertificateTimestampList-Server",
testType: serverTest,
config: Config{
MaxVersion: VersionTLS12,
},
flags: []string{
"-signed-cert-timestamps",
base64.StdEncoding.EncodeToString(testSCTList),
},
expectedSCTList: testSCTList,
resumeSession: true,
})
testCases = append(testCases, testCase{ testCases = append(testCases, testCase{
testType: clientTest, testType: clientTest,