Limit the number of warning alerts silently consumed.

Per review comments on
https://boringssl-review.googlesource.com/#/c/4112/.

Change-Id: I82cacf67c6882e64f6637015ac41945522699797
Reviewed-on: https://boringssl-review.googlesource.com/5041
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index d7ae850..d17b048 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -207,6 +207,9 @@
 	// sendEmptyRecords is the number of consecutive empty records to send
 	// before and after the test message.
 	sendEmptyRecords int
+	// sendWarningAlerts is the number of consecutive warning alerts to send
+	// before and after the test message.
+	sendWarningAlerts int
 }
 
 var testCases = []testCase{
@@ -955,23 +958,6 @@
 		expectedError: ":WRONG_CURVE:",
 	},
 	{
-		name: "SendWarningAlerts",
-		config: Config{
-			Bugs: ProtocolBugs{
-				SendWarningAlerts: alertAccessDenied,
-			},
-		},
-	},
-	{
-		protocol: dtls,
-		name:     "SendWarningAlerts-DTLS",
-		config: Config{
-			Bugs: ProtocolBugs{
-				SendWarningAlerts: alertAccessDenied,
-			},
-		},
-	},
-	{
 		name: "BadFinished",
 		config: Config{
 			Bugs: ProtocolBugs{
@@ -1156,6 +1142,28 @@
 		shouldFail:       true,
 		expectedError:    ":TOO_MANY_EMPTY_FRAGMENTS:",
 	},
+	{
+		name:              "SendWarningAlerts-Pass",
+		sendWarningAlerts: 4,
+	},
+	{
+		protocol:          dtls,
+		name:              "SendWarningAlerts-DTLS-Pass",
+		sendWarningAlerts: 4,
+	},
+	{
+		name:              "SendWarningAlerts",
+		sendWarningAlerts: 5,
+		shouldFail:        true,
+		expectedError:     ":TOO_MANY_WARNING_ALERTS:",
+	},
+	{
+		name:              "SendWarningAlerts-Async",
+		sendWarningAlerts: 5,
+		flags:             []string{"-async"},
+		shouldFail:        true,
+		expectedError:     ":TOO_MANY_WARNING_ALERTS:",
+	},
 }
 
 func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, isResume bool) error {
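Review bot: DTLS gets only a passing case (`SendWarningAlerts-DTLS-Pass` at 4) and no case at 5, so nothing here shows whether the alert limit is enforced over DTLS or deliberately not applied there. If the DTLS record layer is meant to reject the fifth alert, add a `SendWarningAlerts-DTLS` entry with `shouldFail: true` and `expectedError: ":TOO_MANY_WARNING_ALERTS:"`; if it is meant to tolerate them, say so in a comment next to the DTLS entry. The values 4 and 5 presumably straddle a limit defined in the library rather than in this file. A comment above the first entry, such as `// 4 consecutive warning alerts is the most the peer accepts; 5 must be rejected.`, would make a later change to that limit show up as an obvious test update. Because the alerts are sent both before and after the test message, the `-Pass` cases also depend on the counter resetting once a non-alert record arrives, which is worth stating in the same comment.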
@@ -1295,6 +1303,10 @@
 		tlsConn.Write(nil)
 	}
 
+	for i := 0; i < test.sendWarningAlerts; i++ {
+		tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
+	}
+
 	if test.renegotiate {
 		if test.renegotiateCiphers != nil {
 			config.CipherSuites = test.renegotiateCiphers
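Review bot: The result of `tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)` is discarded in the new loop, both here and in the identical loop in the next hunk (after the second `tlsConn.Write(nil)`). SendAlert's signature is not visible in this diff, but if it returns an error, a failed send in the `-Pass` cases would leave the peer with fewer alerts than intended, and the test could still pass without exercising the boundary. Consider returning the error when `!test.shouldFail`, or add a comment such as `// Errors ignored: the peer may close the connection mid-burst in the failing cases.` so the omission reads as deliberate. The two loops are byte-identical and could share a small helper. doExchange's body extends beyond both hunks.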
@@ -1334,6 +1346,10 @@
 		tlsConn.Write(nil)
 	}
 
+	for i := 0; i < test.sendWarningAlerts; i++ {
+		tlsConn.SendAlert(alertLevelWarning, alertUnexpectedMessage)
+	}
+
 	buf := make([]byte, len(testMessage))
 	if test.protocol == dtls {
 		bufTmp := make([]byte, len(buf)+1)