Improve test coverage around NewSessionTicket message. Test both when the peer doesn't support session tickets and when the server promises a NewSessionTicket message but doesn't deliver. Change-Id: I48f338094002beac2e6b80e41851c72822b3b9d5 Reviewed-on: https://boringssl-review.googlesource.com/1300 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go index 8ac76f6..7319463 100644 --- a/ssl/test/runner/common.go +++ b/ssl/test/runner/common.go
@@ -374,6 +374,10 @@ // zero disables this behavior. One and two configure variants for 0.9.8 // and 1.0.1 modes, respectively. EarlyChangeCipherSpec int + + // SkipNewSessionTicket causes the server to skip sending the + // NewSessionTicket message despite promising to in ServerHello. + SkipNewSessionTicket bool } func (c *Config) serverInit() {
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go index 73eac70..8cdecd7 100644 --- a/ssl/test/runner/handshake_server.go +++ b/ssl/test/runner/handshake_server.go
@@ -570,7 +570,7 @@ } func (hs *serverHandshakeState) sendSessionTicket() error { - if !hs.hello.ticketSupported { + if !hs.hello.ticketSupported || hs.c.config.Bugs.SkipNewSessionTicket { return nil }
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 47af0e0..f4a0891 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go
@@ -284,6 +284,29 @@ shouldFail: true, expectedError: ":CCS_RECEIVED_EARLY:", }, + { + name: "SessionTicketsDisabled-Client", + config: Config{ + SessionTicketsDisabled: true, + }, + }, + { + testType: serverTest, + name: "SessionTicketsDisabled-Server", + config: Config{ + SessionTicketsDisabled: true, + }, + }, + { + name: "SkipNewSessionTicket", + config: Config{ + Bugs: ProtocolBugs{ + SkipNewSessionTicket: true, + }, + }, + shouldFail: true, + expectedError: ":CCS_RECEIVED_EARLY:", + }, } func doExchange(testType testType, config *Config, conn net.Conn, messageLen int) error {