Test that we tolerate server name acknowledgements.

The SNI extension may be ACKed by the server. This is kind of pointless,
but make sure we cover these codepaths.

Change-Id: I14b25ab865dd6e35a30f11ebc9027a1518bbeed9
Reviewed-on: https://boringssl-review.googlesource.com/13633
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 668f78c..8f8aa10 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -1291,6 +1291,10 @@
 	// SendTicketLifetime, if non-zero, is the ticket lifetime to send in
 	// NewSessionTicket messages.
 	SendTicketLifetime time.Duration
+
+	// SendServerNameAck, if true, causes the server to acknowledge the SNI
+	// extension.
+	SendServerNameAck bool
 }
 
 func (c *Config) serverInit() {
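Review bot: The comment on `SendServerNameAck` does not say that the ack is sent whether or not the client offered SNI. The assignment added in handshake_server.go copies the flag into `serverExtensions.serverNameAck` with no check on the ClientHello, and the UnsolicitedServerNameAck case in runner.go depends on exactly that. I would word the field comment as `// SendServerNameAck, if true, causes the server to send an empty server_name extension, whether or not the client offered one.` and add a one-line comment at the assignment saying the missing check is deliberate. The struct starts outside this hunk.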
diff --git a/ssl/test/runner/handshake_messages.go b/ssl/test/runner/handshake_messages.go
index 1141797..4ecb3cb 100644
--- a/ssl/test/runner/handshake_messages.go
+++ b/ssl/test/runner/handshake_messages.go
@@ -1082,6 +1082,7 @@
 	hasEarlyData            bool
 	keyShare                keyShareEntry
 	supportedPoints         []uint8
+	serverNameAck           bool
 }
 
 func (m *serverExtensions) marshal(extensions *byteBuilder) {
@@ -1187,6 +1188,10 @@
 		extensions.addU16(extensionEarlyData)
 		extensions.addBytes([]byte{0, 0})
 	}
+	if m.serverNameAck {
+		extensions.addU16(extensionServerName)
+		extensions.addU16(0) // zero length
+	}
 }
 
 func (m *serverExtensions) unmarshal(data []byte, version uint16) bool {
@@ -1281,7 +1286,7 @@
 			if length != 0 {
 				return false
 			}
-			// Ignore this extension from the server.
+			m.serverNameAck = true
 		case extensionSupportedPoints:
 			// supported_points is illegal in TLS 1.3.
 			if version >= VersionTLS13 {
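Review bot: `m.serverNameAck = true` records the ack, but no hunk in this commit reads the field on the client side, so as far as this page shows the runner still accepts a server_name ack it never asked for. If the runner is meant to catch a server under test that acks without a client-sent SNI, the client handshake would need to compare this field with whether its ClientHello carried a server name. Otherwise a short comment such as `// Recorded so the parsed message round-trips; not validated by the runner.` should take the place of the removed one. The body of unmarshal starts and ends outside this hunk.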
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index d8ab1a5..8aa1587 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -1244,6 +1244,8 @@
 		return errors.New("tls: no GREASE extension found")
 	}
 
+	serverExtensions.serverNameAck = c.config.Bugs.SendServerNameAck
+
 	return nil
 }
 
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 8c9278e..76fd13a 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -4751,6 +4751,31 @@
 			expectedLocalError: "tls: unexpected server name",
 		})
 		testCases = append(testCases, testCase{
+			testType: clientTest,
+			name:     "TolerateServerNameAck-" + ver.name,
+			config: Config{
+				MaxVersion: ver.version,
+				Bugs: ProtocolBugs{
+					SendServerNameAck: true,
+				},
+			},
+			flags:         []string{"-host-name", "example.com"},
+			resumeSession: true,
+		})
+		testCases = append(testCases, testCase{
+			testType: clientTest,
+			name:     "UnsolicitedServerNameAck-" + ver.name,
+			config: Config{
+				MaxVersion: ver.version,
+				Bugs: ProtocolBugs{
+					SendServerNameAck: true,
+				},
+			},
+			shouldFail:         true,
+			expectedError:      ":UNEXPECTED_EXTENSION:",
+			expectedLocalError: "remote error: unsupported extension",
+		})
+		testCases = append(testCases, testCase{
 			testType: serverTest,
 			name:     "ServerNameExtensionServer-" + ver.name,
 			config: Config{
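Review bot: UnsolicitedServerNameAck only exercises a full handshake, while TolerateServerNameAck sets `resumeSession: true`, so an unsolicited ack arriving on the resumption handshake is not covered. Extension validation on the abbreviated handshake is often a separate code path, so a variant where only the second handshake carries `SendServerNameAck: true` would be worth adding, assuming the harness allows a different config for the resumed connection. A one-line comment above each new case stating what the client is expected to do would also help, since the names alone carry the intent. The enclosing loop over `ver` starts outside the hunk.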
@@ -8520,7 +8545,7 @@
 		flags: []string{
 			"-resumption-delay", "21",
 		},
-		resumeSession: true,
+		resumeSession:        true,
 		expectResumeRejected: true,
 	})
 }