Add a test for SSL_R_NO_CIPHERS_AVAILABLE.
Easy bit of test coverage.
Change-Id: I0362fca926d82869b512e3c40dc53d6dc771dfc8
Reviewed-on: https://boringssl-review.googlesource.com/19724
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 2d01c51..5c04797 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -3697,6 +3697,35 @@
expect_err();
}
+// The client should gracefully handle no suitable ciphers being enabled.
+TEST(SSLTest, NoCiphersAvailable) {
+ bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
+ ASSERT_TRUE(ctx);
+
+ // Configure |client_ctx| with a cipher list that does not intersect with its
+ // version configuration.
+ ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(
+ ctx.get(), "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"));
+ ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_1_VERSION));
+
+ bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
+ ASSERT_TRUE(ssl);
+ SSL_set_connect_state(ssl.get());
+
+ UniquePtr<BIO> rbio(BIO_new(BIO_s_mem())), wbio(BIO_new(BIO_s_mem()));
+ ASSERT_TRUE(rbio);
+ ASSERT_TRUE(wbio);
+ SSL_set0_rbio(ssl.get(), rbio.release());
+ SSL_set0_wbio(ssl.get(), wbio.release());
+
+ int ret = SSL_do_handshake(ssl.get());
+ EXPECT_EQ(-1, ret);
+ EXPECT_EQ(SSL_ERROR_SSL, SSL_get_error(ssl.get(), ret));
+ uint32_t err = ERR_get_error();
+ EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err));
+ EXPECT_EQ(SSL_R_NO_CIPHERS_AVAILABLE, ERR_GET_REASON(err));
+}
+
// TODO(davidben): Convert this file to GTest properly.
TEST(SSLTest, AllTests) {
if (!TestSSL_SESSIONEncoding(kOpenSSLSession) ||
