kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
5c4271f7cb
boringssl/ssl/test/runner
History
David Benjamin 5c4271f7cb Don't reauthenticate on renegotiation. 
We currently forbid the server certificate from changing on
renegotiation. This means re-verifying the certificate is pointless and
indeed the callback being called again seems to surprise consumers more
than anything else.

Carry over the initial handshake's SCT lists and OCSP responses (don't
enforce they don't change since the server may have, say, picked up new
OCSP responses in the meantime), ignore new ones received on
renegotiation, and don't bother redoing verification.

For our purposes, TLS 1.2 renegotiation is an overcomplicated TLS 1.3
KeyUpdate + post-handshake auth. The server is not allowed to change
identity.

Bug: 126
Change-Id: I0dae85bcf243943b1a5a97fa4f30f100c9e6e41e
Reviewed-on: https://boringssl-review.googlesource.com/19665
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-08-24 16:14:22 +00:00
..
curve25519 Sync vendored copies of Go poly1305 and curve25519. 2017-03-30 20:04:23 +00:00
ed25519 Support Ed25519 keys in BoGo. 2017-04-05 23:21:30 +00:00
poly1305 Sync vendored copies of Go poly1305 and curve25519. 2017-03-30 20:04:23 +00:00
alert.go Enforce the SSL 3.0 no_certificate alert in tests. 2017-01-04 13:41:56 +00:00
cert.pem
chacha20_poly1305_test.go Remove old ChaCha20-Poly1305 AEAD. 2017-01-19 23:27:54 +00:00
chacha20_poly1305.go Remove old ChaCha20-Poly1305 AEAD. 2017-01-19 23:27:54 +00:00
channel_id_key.pem
cipher_suites.go Unwind DHE support from BoGo. 2017-04-28 19:38:09 +00:00
common.go Don't reauthenticate on renegotiation. 2017-08-24 16:14:22 +00:00
conn.go Tolerate early ChangeCipherSpec in DTLS. 2017-08-01 22:00:52 +00:00
deterministic.go Fix mixed comment markers. 2016-08-01 14:52:39 +00:00
dtls.go Only enable DTLS post-handshake rexmits if we sent the final Finished. 2017-08-23 17:13:42 +00:00
ecdsa_p224_cert.pem Support P-224 certificates as a server. 2017-02-27 21:27:39 +00:00
ecdsa_p224_key.pem Support P-224 certificates as a server. 2017-02-27 21:27:39 +00:00
ecdsa_p256_cert.pem
ecdsa_p256_key.pem
ecdsa_p384_cert.pem
ecdsa_p384_key.pem
ecdsa_p521_cert.pem
ecdsa_p521_key.pem
ed25519_cert.pem Support Ed25519 in TLS. 2017-04-06 15:30:17 +00:00
ed25519_key.pem Support Ed25519 in TLS. 2017-04-06 15:30:17 +00:00
fuzzer_mode.json Test that Finished checks are enforced in 0-RTT. 2017-08-09 00:42:34 +00:00
handshake_client.go Add tests for CertificateVerify 2017-08-10 18:44:57 +00:00
handshake_messages.go Fix handling of ServerHellos with omitted extensions. 2017-07-14 23:17:40 +00:00
handshake_server.go Don't reauthenticate on renegotiation. 2017-08-24 16:14:22 +00:00
hkdf_test.go Fix mixed comment markers. 2016-08-01 14:52:39 +00:00
hkdf.go Fix mixed comment markers. 2016-08-01 14:52:39 +00:00
key_agreement.go Unwind DHE support from BoGo. 2017-04-28 19:38:09 +00:00
key.pem
packet_adapter.go
prf.go Remove Fake TLS 1.3 code from prf.go. 2016-12-06 22:11:09 +00:00
recordingconn.go Fix mixed comment markers. 2016-08-01 14:52:39 +00:00
rsa_1024_cert.pem
rsa_1024_key.pem Convert rsa_1024_key.pem to a PKCS#8 PEM blob. 2016-08-01 18:42:17 +00:00
rsa_chain_cert.pem Add runner tests which send intermediate certificates. 2016-11-15 01:36:37 +00:00
rsa_chain_key.pem Add runner tests which send intermediate certificates. 2016-11-15 01:36:37 +00:00
runner_test.go Fix mixed comment markers. 2016-08-01 14:52:39 +00:00
runner.go Don't reauthenticate on renegotiation. 2017-08-24 16:14:22 +00:00
shim_ticket.go Test bad records at all cipher suites. 2016-11-10 16:19:51 +00:00
sign.go Support Ed25519 in TLS. 2017-04-06 15:30:17 +00:00
test_output.go
ticket.go Add Data-less Zero-RTT support. 2017-03-25 21:00:18 +00:00
tls.go Support Ed25519 keys in BoGo. 2017-04-05 23:21:30 +00:00