Test that False Start fails if the server second leg is omitted. This works fine, but I believe NSS had a bug here a couple years ago. Also move all the Skip* bug options next to each other in order. Change-Id: I72dcb3babeee7ba73b3d7dc5ebef2e2298e37438 Reviewed-on: https://boringssl-review.googlesource.com/3333 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index a253cb9..e8df1aa 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -429,15 +429,27 @@
 // ServerKeyExchange.
 UnauthenticatedECDH bool

+ // SkipHelloVerifyRequest causes a DTLS server to skip the
+ // HelloVerifyRequest message.
+ SkipHelloVerifyRequest bool
+
 // SkipServerKeyExchange causes the server to skip sending
 // ServerKeyExchange messages.
 SkipServerKeyExchange bool

+ // SkipNewSessionTicket causes the server to skip sending the
+ // NewSessionTicket message despite promising to in ServerHello.
+ SkipNewSessionTicket bool
+
 // SkipChangeCipherSpec causes the implementation to skip
 // sending the ChangeCipherSpec message (and adjusting cipher
 // state accordingly for the Finished message).
 SkipChangeCipherSpec bool

+ // SkipFinished causes the implementation to skip sending the Finished
+ // message.
+ SkipFinished bool
+
 // EarlyChangeCipherSpec causes the client to send an early
 // ChangeCipherSpec message before the ClientKeyExchange. A value of
 // zero disables this behavior. One and two configure variants for 0.9.8
@@ -449,10 +461,6 @@
 // messages.
 FragmentAcrossChangeCipherSpec bool

- // SkipNewSessionTicket causes the server to skip sending the
- // NewSessionTicket message despite promising to in ServerHello.
- SkipNewSessionTicket bool
-
 // SendV2ClientHello causes the client to send a V2ClientHello
 // instead of a normal ClientHello.
 SendV2ClientHello bool
@@ -492,10 +500,6 @@
 // TLS version in the ClientHello than the maximum supported version.
 SendClientVersion uint16

- // SkipHelloVerifyRequest causes a DTLS server to skip the
- // HelloVerifyRequest message.
- SkipHelloVerifyRequest bool
-
 // ExpectFalseStart causes the server to, on full handshakes,
 // expect the peer to False Start; the server Finished message
 // isn't sent until we receive an application data record
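Review bot: The doc comment on the new `SkipFinished` field in the first hunk says only that the Finished message is not sent, and leaves out what the sender does afterwards. In the two handshake hunks of this commit the code after the guard carries on normally (the client path reaches `return nil`, the server path goes on to set `c.cipherSuite`), so the handshake is not aborted on the sending side. I would extend the comment to say so, for example `// SkipFinished causes the implementation to skip sending the Finished message; the sender then continues as if it had been sent.` The second and third hunks only move existing fields and need no change.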
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index 5ad3602..c798109 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -872,9 +872,11 @@
 c.writeRecord(recordTypeApplicationData, c.config.Bugs.AppDataAfterChangeCipherSpec)
 }

- c.writeRecord(recordTypeHandshake, postCCSBytes)
- if err := c.dtlsFlushHandshake(false); err != nil {
- return err
+ if !c.config.Bugs.SkipFinished {
+ c.writeRecord(recordTypeHandshake, postCCSBytes)
+ if err := c.dtlsFlushHandshake(false); err != nil {
+ return err
+ }
 }
 return nil
 }
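Review bot: The new `if !c.config.Bugs.SkipFinished` guard also skips `c.dtlsFlushHandshake(false)`, not only the write of the Finished message. If handshake data written earlier in this function is still queued for DTLS at this point, it would never be sent, and a negative test could then pass because the peer saw a truncated flight rather than a missing Finished. The function starts outside the hunk, so this cannot be confirmed from here. Consider guarding only the write, `if !c.config.Bugs.SkipFinished { c.writeRecord(recordTypeHandshake, postCCSBytes) }`, and leaving the flush unconditional. The hunk in handshake_server.go has the same shape and the same question applies there.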
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index c13de9b..de5d7b7 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -857,9 +857,11 @@
 c.writeRecord(recordTypeApplicationData, c.config.Bugs.AppDataAfterChangeCipherSpec)
 }

- c.writeRecord(recordTypeHandshake, postCCSBytes)
- if err := c.dtlsFlushHandshake(false); err != nil {
- return err
+ if !c.config.Bugs.SkipFinished {
+ c.writeRecord(recordTypeHandshake, postCCSBytes)
+ if err := c.dtlsFlushHandshake(false); err != nil {
+ return err
+ }
 }

 c.cipherSuite = hs.suite.id
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 70ed314..dd63c5b 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -739,6 +739,26 @@
 shouldFail: true,
 expectedError: ":UNEXPECTED_RECORD:",
 },
+ {
+ name: "FalseStart-SkipServerSecondLeg",
+ config: Config{
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ NextProtos: []string{"foo"},
+ Bugs: ProtocolBugs{
+ SkipNewSessionTicket: true,
+ SkipChangeCipherSpec: true,
+ SkipFinished: true,
+ ExpectFalseStart: true,
+ },
+ },
+ flags: []string{
+ "-false-start",
+ "-advertise-alpn", "\x03foo",
+ },
+ shimWritesFirst: true,
+ shouldFail: true,
+ expectedError: ":UNEXPECTED_RECORD:",
+ },
 }

 func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, isResume bool) error {
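Review bot: The new `FalseStart-SkipServerSecondLeg` case has no comment saying which property it pins, and it expects the same `:UNEXPECTED_RECORD:` string as the case just above it, so the table does not show which record the shim is meant to reject. A leading comment would make the intent explicit, for example `// Test that the client rejects a False Start handshake whose server omits NewSessionTicket, ChangeCipherSpec and Finished.` The case also exercises only the ALPN path (`-advertise-alpn`). If an NPN False Start case exists elsewhere in the table, which begins outside the hunk, a matching variant may be worth adding.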