
Add client-side tests for renegotiation_info enforcement.

Since we hope to eventually lose server-side renegotiation support
altogether, get the client-side version of those tests. We should have
had those anyway to test that the default is to allow it.

BUG=429450

Change-Id: I4a18f339b55f3f07d77e22e823141e10a12bc9ff
Reviewed-on: https://boringssl-review.googlesource.com/4780
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 9 years ago
committed by Adam Langley
parent
commit
cff0b90cbb
5 changed files with 30 additions and 0 deletions
  1. +3
    -0
      ssl/test/bssl_shim.cc
  2. +4
    -0
      ssl/test/runner/handshake_server.go
  3. +21
    -0
      ssl/test/runner/runner.go
  4. +1
    -0
      ssl/test/test_config.cc
  5. +1
    -0
      ssl/test/test_config.h

+ 3
- 0
ssl/test/bssl_shim.cc View File

@@ -599,6 +599,9 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx,
if (config->allow_unsafe_legacy_renegotiation) {
SSL_set_options(ssl.get(), SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
}
if (config->no_legacy_server_connect) {
SSL_clear_options(ssl.get(), SSL_OP_LEGACY_SERVER_CONNECT);
}
if (!config->expected_channel_id.empty()) {
SSL_enable_tls_channel_id(ssl.get());
}


+ 4
- 0
ssl/test/runner/handshake_server.go View File

@@ -274,6 +274,10 @@ Curves:
hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation
}

if c.config.Bugs.NoRenegotiationInfo {
hs.hello.secureRenegotiation = nil
}

hs.hello.compressionMethod = compressionNone
hs.hello.duplicateExtension = c.config.Bugs.DuplicateExtension
if len(hs.clientHello.serverName) > 0 {
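Review bot: The `NoRenegotiationInfo` override unconditionally nils the field for every ServerHello on the connection, including renegotiation handshakes, so it models a server that never implemented RFC 5746 rather than one that advertises the extension initially and drops it on renegotiation; that distinction decides what the client-side tests prove and deserves a comment at the new block, e.g. `// NoRenegotiationInfo simulates a pre-RFC 5746 server: never echo renegotiation_info, even when the client offered it.`. It also discards whatever the preceding block copied from the ClientHello, so the client's offer (and the SCSV, if that path feeds the same field) is silently ignored rather than rejected — presumably intended, but worth stating. The enclosing handshake function continues outside the hunk.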


+ 21
- 0
ssl/test/runner/runner.go View File

@@ -2999,6 +2999,27 @@ func addRenegotiationTests() {
shouldFail: true,
expectedError: ":RENEGOTIATION_MISMATCH:",
})
testCases = append(testCases, testCase{
name: "Renegotiate-Client-NoExt",
renegotiate: true,
config: Config{
Bugs: ProtocolBugs{
NoRenegotiationInfo: true,
},
},
shouldFail: true,
expectedError: ":UNSAFE_LEGACY_RENEGOTIATION_DISABLED:",
flags: []string{"-no-legacy-server-connect"},
})
testCases = append(testCases, testCase{
name: "Renegotiate-Client-NoExt-Allowed",
renegotiate: true,
config: Config{
Bugs: ProtocolBugs{
NoRenegotiationInfo: true,
},
},
})
testCases = append(testCases, testCase{
name: "Renegotiate-Client-SwitchCiphers",
renegotiate: true,
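Review bot: In Renegotiate-Client-NoExt the client has SSL_OP_LEGACY_SERVER_CONNECT cleared and the test server omits renegotiation_info from the very first ServerHello, so UNSAFE_LEGACY_RENEGOTIATION_DISABLED is presumably raised during the initial handshake and `renegotiate: true` is never reached; if the intent is to pin initial-connect enforcement, drop `renegotiate: true` or rename the case, and if the intent is renegotiation-time enforcement the server would need to send the extension initially and omit it only on the second handshake (the RENEGOTIATION_MISMATCH case just above this hunk may already cover that, but its name is outside the hunk). Renegotiate-Client-NoExt-Allowed pins the permissive default — the client connects to and renegotiates with a server that never sends the extension — and should say so, e.g. `// Default: the client tolerates a server without renegotiation_info, even across renegotiation.`, so that a future tightening of the default fails loudly here. The test case that begins at the hunk's last lines continues outside it.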


+ 1
- 0
ssl/test/test_config.cc View File

@@ -81,6 +81,7 @@ const Flag<bool> kBoolFlags[] = {
{ "-handshake-never-done", &TestConfig::handshake_never_done },
{ "-use-export-context", &TestConfig::use_export_context },
{ "-reject-peer-renegotiations", &TestConfig::reject_peer_renegotiations },
{ "-no-legacy-server-connect", &TestConfig::no_legacy_server_connect },
};

const Flag<std::string> kStringFlags[] = {


+ 1
- 0
ssl/test/test_config.h View File

@@ -78,6 +78,7 @@ struct TestConfig {
std::string export_context;
bool use_export_context = false;
bool reject_peer_renegotiations = false;
bool no_legacy_server_connect = false;
};
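Review bot: `no_legacy_server_connect` is a negated name for an SSL option the shim otherwise leaves at its default, so its meaning is not self-evident where it is declared; a one-line comment such as `// Clear SSL_OP_LEGACY_SERVER_CONNECT so the client rejects servers that omit renegotiation_info.` would document it at the field. The TestConfig struct begins outside the hunk.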

bool ParseConfig(int argc, char **argv, TestConfig *out_config);

