Actually test the TLS 1.3 experimental variant.
Adding it to tlsVersions is sort of pointless when we don't test it. Change-Id: Ie0c0167cef887aee54e5be90bf7fc98619c1a6fb Reviewed-on: https://boringssl-review.googlesource.com/17708 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
parent
038da9b939
commit
a502239475
@ -456,6 +456,10 @@ type testCase struct {
|
||||
// resumeShimPrefix is the prefix that the shim will send to the server on a
|
||||
// resumption.
|
||||
resumeShimPrefix string
|
||||
// tls13Variant, if non-zero, causes both runner and shim to be
|
||||
// configured with the specified TLS 1.3 variant. This is a convenience
|
||||
// option for configuring both concurrently.
|
||||
tls13Variant int
|
||||
}
|
||||
|
||||
var testCases []testCase
|
||||
@ -930,11 +934,23 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
|
||||
continue
|
||||
}
|
||||
|
||||
if test.config.MaxVersion != 0 || test.config.MinVersion != 0 || test.expectedVersion != 0 {
|
||||
continue
|
||||
if test.config.MaxVersion == 0 && test.config.MinVersion == 0 && test.expectedVersion == 0 {
|
||||
panic(fmt.Sprintf("The name of test %q suggests that it's version specific, but min/max version in the Config is %x/%x. One of them should probably be %x", test.name, test.config.MinVersion, test.config.MaxVersion, ver.version))
|
||||
}
|
||||
|
||||
if ver.tls13Variant != 0 {
|
||||
var foundFlag bool
|
||||
for _, flag := range test.flags {
|
||||
if flag == "-tls13-variant" {
|
||||
foundFlag = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !foundFlag && test.config.TLS13Variant != ver.tls13Variant && test.tls13Variant != ver.tls13Variant {
|
||||
panic(fmt.Sprintf("The name of test %q suggests that uses an experimental TLS 1.3 variant, but neither the shim nor the runner configures it", test.name))
|
||||
}
|
||||
}
|
||||
|
||||
panic(fmt.Sprintf("The name of test %q suggests that it's version specific, but min/max version in the Config is %x/%x. One of them should probably be %x", test.name, test.config.MinVersion, test.config.MaxVersion, ver.version))
|
||||
}
|
||||
|
||||
listener, err := net.ListenTCP("tcp", &net.TCPAddr{IP: net.IPv6loopback})
|
||||
@ -1013,6 +1029,11 @@ func runTest(test *testCase, shimPath string, mallocNumToFail int64) error {
|
||||
flags = append(flags, "-tls-unique")
|
||||
}
|
||||
|
||||
if test.tls13Variant != 0 {
|
||||
test.config.TLS13Variant = test.tls13Variant
|
||||
flags = append(flags, "-tls13-variant", strconv.Itoa(test.tls13Variant))
|
||||
}
|
||||
|
||||
var transcriptPrefix string
|
||||
if len(*transcriptDir) != 0 {
|
||||
protocol := "tls"
|
||||
@ -2794,6 +2815,7 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto
|
||||
AdvertiseAllConfiguredCiphers: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
certFile: certFile,
|
||||
keyFile: keyFile,
|
||||
flags: flags,
|
||||
@ -2819,6 +2841,7 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto
|
||||
SendCipherSuite: sendCipherSuite,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: flags,
|
||||
resumeSession: true,
|
||||
shouldFail: shouldClientFail,
|
||||
@ -2842,6 +2865,7 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto
|
||||
PreSharedKey: []byte(psk),
|
||||
PreSharedKeyIdentity: pskIdentity,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: flags,
|
||||
messageLen: maxPlaintext,
|
||||
})
|
||||
@ -2866,6 +2890,7 @@ func addTestForCipherSuite(suite testCipherSuite, ver tlsVersion, protocol proto
|
||||
PreSharedKey: []byte(psk),
|
||||
PreSharedKeyIdentity: pskIdentity,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: flags,
|
||||
damageFirstWrite: true,
|
||||
messageLen: maxPlaintext,
|
||||
@ -3333,6 +3358,7 @@ func addClientAuthTests() {
|
||||
ClientAuth: RequireAnyClientCert,
|
||||
ClientCAs: certPool,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-cert-file", path.Join(*resourceDir, rsaCertificateFile),
|
||||
"-key-file", path.Join(*resourceDir, rsaKeyFile),
|
||||
@ -3346,6 +3372,7 @@ func addClientAuthTests() {
|
||||
MaxVersion: ver.version,
|
||||
Certificates: []Certificate{rsaCertificate},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{"-require-any-client-certificate"},
|
||||
})
|
||||
if ver.version != VersionSSL30 {
|
||||
@ -3357,6 +3384,7 @@ func addClientAuthTests() {
|
||||
MaxVersion: ver.version,
|
||||
Certificates: []Certificate{ecdsaP256Certificate},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{"-require-any-client-certificate"},
|
||||
})
|
||||
testCases = append(testCases, testCase{
|
||||
@ -3368,6 +3396,7 @@ func addClientAuthTests() {
|
||||
ClientAuth: RequireAnyClientCert,
|
||||
ClientCAs: certPool,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-cert-file", path.Join(*resourceDir, ecdsaP256CertificateFile),
|
||||
"-key-file", path.Join(*resourceDir, ecdsaP256KeyFile),
|
||||
@ -3382,6 +3411,7 @@ func addClientAuthTests() {
|
||||
MaxVersion: ver.version,
|
||||
ClientAuth: RequireAnyClientCert,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedLocalError: "client didn't provide a certificate",
|
||||
})
|
||||
@ -3395,6 +3425,7 @@ func addClientAuthTests() {
|
||||
MinVersion: ver.version,
|
||||
MaxVersion: ver.version,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-expect-verify-result",
|
||||
},
|
||||
@ -3410,6 +3441,7 @@ func addClientAuthTests() {
|
||||
MinVersion: ver.version,
|
||||
MaxVersion: ver.version,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-expect-verify-result",
|
||||
"-verify-peer",
|
||||
@ -3431,6 +3463,7 @@ func addClientAuthTests() {
|
||||
MaxVersion: ver.version,
|
||||
},
|
||||
flags: []string{"-require-any-client-certificate"},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
|
||||
expectedLocalError: certificateRequired,
|
||||
@ -3449,6 +3482,7 @@ func addClientAuthTests() {
|
||||
},
|
||||
// Setting SSL_VERIFY_PEER allows anonymous clients.
|
||||
flags: []string{"-verify-peer"},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":UNEXPECTED_MESSAGE:",
|
||||
})
|
||||
@ -3464,6 +3498,7 @@ func addClientAuthTests() {
|
||||
"-enable-channel-id",
|
||||
"-verify-peer-if-no-obc",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":PEER_DID_NOT_RETURN_A_CERTIFICATE:",
|
||||
expectedLocalError: certificateRequired,
|
||||
@ -3478,6 +3513,7 @@ func addClientAuthTests() {
|
||||
ChannelID: channelIDKey,
|
||||
},
|
||||
expectChannelID: true,
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-enable-channel-id",
|
||||
"-verify-peer-if-no-obc",
|
||||
@ -3496,6 +3532,7 @@ func addClientAuthTests() {
|
||||
ExpectCertificateReqNames: caNames,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-require-any-client-certificate",
|
||||
"-use-client-ca-list", encodeDERValues(caNames),
|
||||
@ -3512,6 +3549,7 @@ func addClientAuthTests() {
|
||||
ClientAuth: RequireAnyClientCert,
|
||||
ClientCAs: certPool,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-cert-file", path.Join(*resourceDir, rsaCertificateFile),
|
||||
"-key-file", path.Join(*resourceDir, rsaKeyFile),
|
||||
@ -3611,6 +3649,7 @@ func addExtendedMasterSecretTests() {
|
||||
RequireExtendedMasterSecret: with,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: flags,
|
||||
shouldFail: ver.version == VersionSSL30 && with,
|
||||
}
|
||||
@ -4462,6 +4501,7 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
|
||||
MaxVersion: vers.version,
|
||||
Certificates: []Certificate{rsaCertificate},
|
||||
},
|
||||
tls13Variant: vers.tls13Variant,
|
||||
flags: []string{
|
||||
flag,
|
||||
"-expect-verify-result",
|
||||
@ -4475,6 +4515,7 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
|
||||
MaxVersion: vers.version,
|
||||
Certificates: []Certificate{rsaCertificate},
|
||||
},
|
||||
tls13Variant: vers.tls13Variant,
|
||||
flags: []string{
|
||||
flag,
|
||||
"-verify-fail",
|
||||
@ -4493,6 +4534,7 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
|
||||
MaxVersion: vers.version,
|
||||
Certificates: []Certificate{rsaCertificate},
|
||||
},
|
||||
tls13Variant: vers.tls13Variant,
|
||||
flags: []string{
|
||||
"-verify-fail",
|
||||
"-expect-verify-result",
|
||||
@ -4652,6 +4694,7 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
|
||||
MaxVersion: ver.version,
|
||||
RequestChannelID: true,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{"-send-channel-id", path.Join(*resourceDir, channelIDKeyFile)},
|
||||
resumeSession: true,
|
||||
expectChannelID: true,
|
||||
@ -4665,6 +4708,7 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
|
||||
MaxVersion: ver.version,
|
||||
ChannelID: channelIDKey,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-expect-channel-id",
|
||||
base64.StdEncoding.EncodeToString(channelIDBytes),
|
||||
@ -4683,6 +4727,7 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
|
||||
InvalidChannelIDSignature: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{"-enable-channel-id"},
|
||||
shouldFail: true,
|
||||
expectedError: ":CHANNEL_ID_SIGNATURE_INVALID:",
|
||||
@ -5423,6 +5468,7 @@ func addExtensionTests() {
|
||||
DuplicateExtension: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedLocalError: "remote error: error decoding message",
|
||||
})
|
||||
@ -5435,6 +5481,7 @@ func addExtensionTests() {
|
||||
DuplicateExtension: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedLocalError: "remote error: error decoding message",
|
||||
})
|
||||
@ -5449,6 +5496,7 @@ func addExtensionTests() {
|
||||
ExpectServerName: "example.com",
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{"-host-name", "example.com"},
|
||||
})
|
||||
testCases = append(testCases, testCase{
|
||||
@ -5461,6 +5509,7 @@ func addExtensionTests() {
|
||||
},
|
||||
},
|
||||
flags: []string{"-host-name", "example.com"},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedLocalError: "tls: unexpected server name",
|
||||
})
|
||||
@ -5473,6 +5522,7 @@ func addExtensionTests() {
|
||||
ExpectServerName: "missing.com",
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedLocalError: "tls: unexpected server name",
|
||||
})
|
||||
@ -5485,6 +5535,7 @@ func addExtensionTests() {
|
||||
SendServerNameAck: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{"-host-name", "example.com"},
|
||||
resumeSession: true,
|
||||
})
|
||||
@ -5497,6 +5548,7 @@ func addExtensionTests() {
|
||||
SendServerNameAck: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":UNEXPECTED_EXTENSION:",
|
||||
expectedLocalError: "remote error: unsupported extension",
|
||||
@ -5508,6 +5560,7 @@ func addExtensionTests() {
|
||||
MaxVersion: ver.version,
|
||||
ServerName: "example.com",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{"-expect-server-name", "example.com"},
|
||||
resumeSession: true,
|
||||
})
|
||||
@ -5524,6 +5577,7 @@ func addExtensionTests() {
|
||||
"-advertise-alpn", "\x03foo\x03bar\x03baz",
|
||||
"-expect-alpn", "foo",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
expectedNextProto: "foo",
|
||||
expectedNextProtoType: alpn,
|
||||
resumeSession: true,
|
||||
@ -5540,6 +5594,7 @@ func addExtensionTests() {
|
||||
flags: []string{
|
||||
"-advertise-alpn", "\x03foo\x03bar",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":INVALID_ALPN_PROTOCOL:",
|
||||
expectedLocalError: "remote error: illegal parameter",
|
||||
@ -5558,6 +5613,7 @@ func addExtensionTests() {
|
||||
"-allow-unknown-alpn-protos",
|
||||
"-expect-alpn", "baz",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
})
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
@ -5570,6 +5626,7 @@ func addExtensionTests() {
|
||||
"-expect-advertised-alpn", "\x03foo\x03bar\x03baz",
|
||||
"-select-alpn", "foo",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
expectedNextProto: "foo",
|
||||
expectedNextProtoType: alpn,
|
||||
resumeSession: true,
|
||||
@ -5582,6 +5639,7 @@ func addExtensionTests() {
|
||||
NextProtos: []string{"foo", "bar", "baz"},
|
||||
},
|
||||
flags: []string{"-decline-alpn"},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
expectNoNextProto: true,
|
||||
resumeSession: true,
|
||||
})
|
||||
@ -5602,6 +5660,7 @@ func addExtensionTests() {
|
||||
"-select-alpn", "foo",
|
||||
"-async",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
expectedNextProto: "foo",
|
||||
expectedNextProtoType: alpn,
|
||||
resumeSession: true,
|
||||
@ -5623,6 +5682,7 @@ func addExtensionTests() {
|
||||
flags: []string{
|
||||
"-advertise-alpn", "\x03foo",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":PARSE_TLSEXT:",
|
||||
})
|
||||
@ -5638,6 +5698,7 @@ func addExtensionTests() {
|
||||
flags: []string{
|
||||
"-select-alpn", "foo",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":PARSE_TLSEXT:",
|
||||
})
|
||||
@ -5657,6 +5718,7 @@ func addExtensionTests() {
|
||||
"-select-alpn", "foo",
|
||||
"-advertise-npn", "\x03foo\x03bar\x03baz",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
expectedNextProto: "foo",
|
||||
expectedNextProtoType: alpn,
|
||||
resumeSession: true,
|
||||
@ -5676,6 +5738,7 @@ func addExtensionTests() {
|
||||
"-select-alpn", "foo",
|
||||
"-advertise-npn", "\x03foo\x03bar\x03baz",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
expectedNextProto: "foo",
|
||||
expectedNextProtoType: alpn,
|
||||
resumeSession: true,
|
||||
@ -5695,6 +5758,7 @@ func addExtensionTests() {
|
||||
"-advertise-alpn", "\x03foo",
|
||||
"-select-next-proto", "foo",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
|
||||
})
|
||||
@ -5712,6 +5776,7 @@ func addExtensionTests() {
|
||||
"-advertise-alpn", "\x03foo",
|
||||
"-select-next-proto", "foo",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":NEGOTIATED_BOTH_NPN_AND_ALPN:",
|
||||
})
|
||||
@ -5732,6 +5797,7 @@ func addExtensionTests() {
|
||||
},
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
resumeSession: true,
|
||||
expectResumeRejected: true,
|
||||
})
|
||||
@ -5742,6 +5808,7 @@ func addExtensionTests() {
|
||||
config: Config{
|
||||
MaxVersion: ver.version,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
resumeSession: true,
|
||||
flags: []string{"-use-ticket-callback"},
|
||||
})
|
||||
@ -5754,6 +5821,7 @@ func addExtensionTests() {
|
||||
ExpectNewTicket: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{"-use-ticket-callback", "-renew-ticket"},
|
||||
resumeSession: true,
|
||||
})
|
||||
@ -5773,6 +5841,7 @@ func addExtensionTests() {
|
||||
},
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
resumeSession: true,
|
||||
expectResumeRejected: true,
|
||||
flags: []string{
|
||||
@ -5928,6 +5997,7 @@ func addExtensionTests() {
|
||||
"-expect-signed-cert-timestamps",
|
||||
base64.StdEncoding.EncodeToString(testSCTList),
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
resumeSession: true,
|
||||
})
|
||||
|
||||
@ -5950,6 +6020,7 @@ func addExtensionTests() {
|
||||
"-expect-signed-cert-timestamps",
|
||||
base64.StdEncoding.EncodeToString(testSCTList),
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
resumeSession: true,
|
||||
})
|
||||
|
||||
@ -5963,6 +6034,7 @@ func addExtensionTests() {
|
||||
"-signed-cert-timestamps",
|
||||
base64.StdEncoding.EncodeToString(testSCTList),
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
expectedSCTList: testSCTList,
|
||||
resumeSession: true,
|
||||
})
|
||||
@ -5981,6 +6053,7 @@ func addExtensionTests() {
|
||||
flags: []string{
|
||||
"-enable-signed-cert-timestamps",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":ERROR_PARSING_EXTENSION:",
|
||||
})
|
||||
@ -5999,6 +6072,7 @@ func addExtensionTests() {
|
||||
flags: []string{
|
||||
"-enable-signed-cert-timestamps",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":ERROR_PARSING_EXTENSION:",
|
||||
})
|
||||
@ -6014,6 +6088,7 @@ func addExtensionTests() {
|
||||
NoSignedCertificateTimestamps: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-ocsp-response",
|
||||
base64.StdEncoding.EncodeToString(testOCSPResponse),
|
||||
@ -7460,6 +7535,7 @@ func addSignatureAlgorithmTests() {
|
||||
"-enable-all-curves",
|
||||
"-enable-ed25519",
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: shouldSignFail,
|
||||
expectedError: signError,
|
||||
expectedPeerSignatureAlgorithm: alg.id,
|
||||
@ -7481,6 +7557,7 @@ func addSignatureAlgorithmTests() {
|
||||
IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-require-any-client-certificate",
|
||||
"-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)),
|
||||
@ -7508,6 +7585,7 @@ func addSignatureAlgorithmTests() {
|
||||
fakeSigAlg2,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
|
||||
"-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
|
||||
@ -7536,6 +7614,7 @@ func addSignatureAlgorithmTests() {
|
||||
IgnorePeerSignatureAlgorithmPreferences: shouldVerifyFail,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id)),
|
||||
"-enable-all-curves",
|
||||
@ -7562,6 +7641,7 @@ func addSignatureAlgorithmTests() {
|
||||
InvalidSignature: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-require-any-client-certificate",
|
||||
"-enable-all-curves",
|
||||
@ -7584,6 +7664,7 @@ func addSignatureAlgorithmTests() {
|
||||
InvalidSignature: true,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-enable-all-curves",
|
||||
"-enable-ed25519",
|
||||
@ -7601,6 +7682,7 @@ func addSignatureAlgorithmTests() {
|
||||
ClientAuth: RequireAnyClientCert,
|
||||
VerifySignatureAlgorithms: allAlgorithms,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
|
||||
"-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
|
||||
@ -7619,6 +7701,7 @@ func addSignatureAlgorithmTests() {
|
||||
CipherSuites: signingCiphers,
|
||||
VerifySignatureAlgorithms: allAlgorithms,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
|
||||
"-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
|
||||
@ -8549,6 +8632,7 @@ func addExportKeyingMaterialTests() {
|
||||
config: Config{
|
||||
MaxVersion: vers.version,
|
||||
},
|
||||
tls13Variant: vers.tls13Variant,
|
||||
exportKeyingMaterial: 1024,
|
||||
exportLabel: "label",
|
||||
exportContext: "context",
|
||||
@ -8559,6 +8643,7 @@ func addExportKeyingMaterialTests() {
|
||||
config: Config{
|
||||
MaxVersion: vers.version,
|
||||
},
|
||||
tls13Variant: vers.tls13Variant,
|
||||
exportKeyingMaterial: 1024,
|
||||
})
|
||||
testCases = append(testCases, testCase{
|
||||
@ -8566,6 +8651,7 @@ func addExportKeyingMaterialTests() {
|
||||
config: Config{
|
||||
MaxVersion: vers.version,
|
||||
},
|
||||
tls13Variant: vers.tls13Variant,
|
||||
exportKeyingMaterial: 1024,
|
||||
useExportContext: true,
|
||||
})
|
||||
@ -8574,6 +8660,7 @@ func addExportKeyingMaterialTests() {
|
||||
config: Config{
|
||||
MaxVersion: vers.version,
|
||||
},
|
||||
tls13Variant: vers.tls13Variant,
|
||||
exportKeyingMaterial: 1,
|
||||
exportLabel: "label",
|
||||
exportContext: "context",
|
||||
@ -10377,7 +10464,7 @@ func addTLS13HandshakeTests() {
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
name: "SkipEarlyData-Experiment",
|
||||
name: "SkipEarlyData-TLS13Experiment",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
TLS13Variant: TLS13Experiment,
|
||||
@ -11556,6 +11643,7 @@ func addRecordVersionTests() {
|
||||
SendRecordVersion: 0x03ff,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":WRONG_VERSION_NUMBER:",
|
||||
})
|
||||
@ -11572,6 +11660,7 @@ func addRecordVersionTests() {
|
||||
SendInitialRecordVersion: 0x03ff,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
})
|
||||
|
||||
// Test that garbage ClientHello record versions are rejected.
|
||||
@ -11585,6 +11674,7 @@ func addRecordVersionTests() {
|
||||
SendInitialRecordVersion: 0xffff,
|
||||
},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":WRONG_VERSION_NUMBER:",
|
||||
})
|
||||
@ -11604,6 +11694,7 @@ func addCertificateTests() {
|
||||
Certificates: []Certificate{rsaChainCertificate},
|
||||
ClientAuth: RequireAnyClientCert,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
expectPeerCertificate: &rsaChainCertificate,
|
||||
flags: []string{
|
||||
"-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
|
||||
@ -11620,6 +11711,7 @@ func addCertificateTests() {
|
||||
MaxVersion: ver.version,
|
||||
Certificates: []Certificate{rsaChainCertificate},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
expectPeerCertificate: &rsaChainCertificate,
|
||||
flags: []string{
|
||||
"-cert-file", path.Join(*resourceDir, rsaChainCertificateFile),
|
||||
@ -11643,6 +11735,7 @@ func addRetainOnlySHA256ClientCertTests() {
|
||||
MinVersion: ver.version,
|
||||
MaxVersion: ver.version,
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-retain-only-sha256-client-cert-initial",
|
||||
"-retain-only-sha256-client-cert-resume",
|
||||
@ -11660,6 +11753,7 @@ func addRetainOnlySHA256ClientCertTests() {
|
||||
MaxVersion: ver.version,
|
||||
Certificates: []Certificate{rsaCertificate},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-verify-peer",
|
||||
"-retain-only-sha256-client-cert-initial",
|
||||
@ -11681,6 +11775,7 @@ func addRetainOnlySHA256ClientCertTests() {
|
||||
MaxVersion: ver.version,
|
||||
Certificates: []Certificate{rsaCertificate},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-verify-peer",
|
||||
"-retain-only-sha256-client-cert-initial",
|
||||
@ -11701,6 +11796,7 @@ func addRetainOnlySHA256ClientCertTests() {
|
||||
MaxVersion: ver.version,
|
||||
Certificates: []Certificate{rsaCertificate},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
flags: []string{
|
||||
"-verify-peer",
|
||||
"-retain-only-sha256-client-cert-resume",
|
||||
@ -11763,6 +11859,7 @@ func addECDSAKeyUsageTests() {
|
||||
MaxVersion: ver.version,
|
||||
Certificates: []Certificate{cert},
|
||||
},
|
||||
tls13Variant: ver.tls13Variant,
|
||||
shouldFail: true,
|
||||
expectedError: ":ECC_CERT_NOT_FOR_SIGNING:",
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user