Make bogo advertise and test only for draft 22
Bogo currently tests for draft18; patch it to use draft22. Patch from https://boringssl-review.googlesource.com/c/boringssl/+/23704/2. Upstream commit e1068b76bd1d7f6ea06c90faa523ad8d562ec11b ("Test RSA premaster unpad better.") added another version-specific test; disable it since no protection is implemented.
parent
e74f36ba09
commit
81cc32b846
@ -8,7 +8,8 @@
|
||||
"*-NoTickets-*": "Session IDs not supported",
|
||||
"*-AES256-SHA384-*": "AES256-CBC-SHA384 not supported",
|
||||
|
||||
"BadRSAClientKeyExchange-4": "See comment in processClientKeyExchange",
|
||||
"BadRSAClientKeyExchange-4": "case RSABadValueWrongVersion1 - See comment in processClientKeyExchange",
|
||||
"BadRSAClientKeyExchange-5": "case RSABadValueWrongVersion2 - See comment in processClientKeyExchange",
|
||||
|
||||
"GREASE-Server-TLS13": "TODO",
|
||||
"DuplicateExtensionServer-*": "TODO",
|
||||
|
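Review bot: The new skip reasons for `BadRSAClientKeyExchange-4` and `BadRSAClientKeyExchange-5` still only point at a comment in processClientKeyExchange, which is not part of this change, so the config alone does not say whether skipping these negative tests is a deliberate decision or an open gap. The commit message says no protection is implemented; judging by the case names (an inference, the runner case is not shown here) these tests cover a wrong version in the RSA premaster secret, and the reason string should say so directly, for example `"BadRSAClientKeyExchange-5": "case RSABadValueWrongVersion2 - premaster version is not validated, see comment in processClientKeyExchange"`. A tracking reference in the same string would help ensure the skip is revisited if the check is ever added.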
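--- a/vendor/bogo-draft22.diff
+++ b/vendor/bogo-draft22.diff
@@ -0,0 +1,79 @@
+diff --git a/vendor/github.com/google/boringssl/ssl/test/runner/runner.go b/vendor/github.com/google/boringssl/ssl/test/runner/runner.go
+index 8700af2..6084f42 100644
+--- a/vendor/github.com/google/boringssl/ssl/test/runner/runner.go
++++ b/vendor/github.com/google/boringssl/ssl/test/runner/runner.go
+@@ -540,6 +540,7 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr
+if test.tls13Variant != 0 {
+config.TLS13Variant = test.tls13Variant
+}
++ config.TLS13Variant = TLS13Draft22
+
+conn = &timeoutConn{conn, *idleTimeout}
+
+@@ -1297,20 +1298,6 @@ var tlsVersions = []tlsVersion{
+hasDTLS: true,
+versionDTLS: VersionDTLS12,
+},
+- {
+- name: "TLS13",
+- version: VersionTLS13,
+- excludeFlag: "-no-tls13",
+- versionWire: tls13DraftVersion,
+- tls13Variant: TLS13Default,
+- },
+- {
+- name: "TLS13Draft21",
+- version: VersionTLS13,
+- excludeFlag: "-no-tls13",
+- versionWire: tls13Draft21Version,
+- tls13Variant: TLS13Draft21,
+- },
+{
+name: "TLS13Draft22",
+version: VersionTLS13,
+@@ -1318,27 +1305,6 @@ var tlsVersions = []tlsVersion{
+versionWire: tls13Draft22Version,
+tls13Variant: TLS13Draft22,
+},
+- {
+- name: "TLS13Experiment",
+- version: VersionTLS13,
+- excludeFlag: "-no-tls13",
+- versionWire: tls13ExperimentVersion,
+- tls13Variant: TLS13Experiment,
+- },
+- {
+- name: "TLS13Experiment2",
+- version: VersionTLS13,
+- excludeFlag: "-no-tls13",
+- versionWire: tls13Experiment2Version,
+- tls13Variant: TLS13Experiment2,
+- },
+- {
+- name: "TLS13Experiment3",
+- version: VersionTLS13,
+- excludeFlag: "-no-tls13",
+- versionWire: tls13Experiment3Version,
+- tls13Variant: TLS13Experiment3,
+- },
+}
+
+func allVersions(protocol protocol) []tlsVersion {
+@@ -5485,7 +5451,7 @@ func addVersionNegotiationTests() {
+config: Config{
+MaxVersion: VersionTLS13,
+Bugs: ProtocolBugs{
+- SendServerSupportedExtensionVersion: tls13DraftVersion,
++ SendServerSupportedExtensionVersion: tls13Draft22Version,
+},
+},
+shouldFail: true,
+@@ -5499,7 +5465,7 @@ func addVersionNegotiationTests() {
+name: "IgnoreClientVersionOrder",
+config: Config{
+Bugs: ProtocolBugs{
+- SendSupportedVersions: []uint16{VersionTLS12, tls13DraftVersion},
++ SendSupportedVersions: []uint16{VersionTLS12, tls13Draft22Version},
+},
+},
+expectedVersion: VersionTLS13,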
40
vendor/github.com/google/boringssl/ssl/test/runner/runner.go
generated
vendored
40
vendor/github.com/google/boringssl/ssl/test/runner/runner.go
generated
vendored
@ -540,6 +540,7 @@ func doExchange(test *testCase, config *Config, conn net.Conn, isResume bool, tr
|
||||
if test.tls13Variant != 0 {
|
||||
config.TLS13Variant = test.tls13Variant
|
||||
}
|
||||
config.TLS13Variant = TLS13Draft22
|
||||
|
||||
conn = &timeoutConn{conn, *idleTimeout}
|
||||
|
||||
@ -1297,20 +1298,6 @@ var tlsVersions = []tlsVersion{
|
||||
hasDTLS: true,
|
||||
versionDTLS: VersionDTLS12,
|
||||
},
|
||||
{
|
||||
name: "TLS13",
|
||||
version: VersionTLS13,
|
||||
excludeFlag: "-no-tls13",
|
||||
versionWire: tls13DraftVersion,
|
||||
tls13Variant: TLS13Default,
|
||||
},
|
||||
{
|
||||
name: "TLS13Draft21",
|
||||
version: VersionTLS13,
|
||||
excludeFlag: "-no-tls13",
|
||||
versionWire: tls13Draft21Version,
|
||||
tls13Variant: TLS13Draft21,
|
||||
},
|
||||
{
|
||||
name: "TLS13Draft22",
|
||||
version: VersionTLS13,
|
||||
@ -1318,27 +1305,6 @@ var tlsVersions = []tlsVersion{
|
||||
versionWire: tls13Draft22Version,
|
||||
tls13Variant: TLS13Draft22,
|
||||
},
|
||||
{
|
||||
name: "TLS13Experiment",
|
||||
version: VersionTLS13,
|
||||
excludeFlag: "-no-tls13",
|
||||
versionWire: tls13ExperimentVersion,
|
||||
tls13Variant: TLS13Experiment,
|
||||
},
|
||||
{
|
||||
name: "TLS13Experiment2",
|
||||
version: VersionTLS13,
|
||||
excludeFlag: "-no-tls13",
|
||||
versionWire: tls13Experiment2Version,
|
||||
tls13Variant: TLS13Experiment2,
|
||||
},
|
||||
{
|
||||
name: "TLS13Experiment3",
|
||||
version: VersionTLS13,
|
||||
excludeFlag: "-no-tls13",
|
||||
versionWire: tls13Experiment3Version,
|
||||
tls13Variant: TLS13Experiment3,
|
||||
},
|
||||
}
|
||||
|
||||
func allVersions(protocol protocol) []tlsVersion {
|
||||
@ -5485,7 +5451,7 @@ func addVersionNegotiationTests() {
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
Bugs: ProtocolBugs{
|
||||
SendServerSupportedExtensionVersion: tls13DraftVersion,
|
||||
SendServerSupportedExtensionVersion: tls13Draft22Version,
|
||||
},
|
||||
},
|
||||
shouldFail: true,
|
||||
@ -5499,7 +5465,7 @@ func addVersionNegotiationTests() {
|
||||
name: "IgnoreClientVersionOrder",
|
||||
config: Config{
|
||||
Bugs: ProtocolBugs{
|
||||
SendSupportedVersions: []uint16{VersionTLS12, tls13DraftVersion},
|
||||
SendSupportedVersions: []uint16{VersionTLS12, tls13Draft22Version},
|
||||
},
|
||||
},
|
||||
expectedVersion: VersionTLS13,
|
||||
|
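Review bot: In doExchange the added `config.TLS13Variant = TLS13Draft22` runs unconditionally right after the `if test.tls13Variant != 0` block, so the per-test variant assigned there is always overwritten and that branch is now dead. Any test case that still sets a different tls13Variant would run as draft 22 while being reported under its original name, which can mask gaps in version-negotiation coverage. If the override is intentional, say so on the line, e.g. `// local patch: force draft 22, deliberately overrides test.tls13Variant`, or make it a fallback with `} else { config.TLS13Variant = TLS13Draft22 }`. doExchange starts and ends outside the hunk.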