Unbreak SSL_total_renegotiations.
The logic to update that got removed in
https://boringssl-review.googlesource.com/4825. Add tests.
Change-Id: Idc550e8fa3ce6f69a76fa65d7651adde281edba6
Reviewed-on: https://boringssl-review.googlesource.com/6220
Reviewed-by: Matt Braithwaite <mab@google.com>
Reviewed-by: Adam Langley <alangley@gmail.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index edae67b..237ebf1 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -1333,6 +1333,14 @@
return false;
}
+ if (SSL_total_renegotiations(ssl.get()) !=
+ config->expect_total_renegotiations) {
+ fprintf(stderr, "Expected %d renegotiations, got %d\n",
+ config->expect_total_renegotiations,
+ SSL_total_renegotiations(ssl.get()));
+ return false;
+ }
+
return true;
}
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 61c8c57..ed37b77 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2711,6 +2711,7 @@
tests = append(tests, testCase{
name: "Renegotiate-Client",
renegotiate: true,
+ flags: []string{"-expect-total-renegotiations", "1"},
})
// NPN on client and server; results in post-handshake message.
tests = append(tests, testCase{
@@ -3715,6 +3716,7 @@
},
},
renegotiate: true,
+ flags: []string{"-expect-total-renegotiations", "1"},
})
testCases = append(testCases, testCase{
name: "Renegotiate-Client-EmptyExt",
@@ -3757,6 +3759,7 @@
NoRenegotiationInfo: true,
},
},
+ flags: []string{"-expect-total-renegotiations", "1"},
})
testCases = append(testCases, testCase{
name: "Renegotiate-Client-SwitchCiphers",
@@ -3765,6 +3768,7 @@
CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
},
renegotiateCiphers: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ flags: []string{"-expect-total-renegotiations", "1"},
})
testCases = append(testCases, testCase{
name: "Renegotiate-Client-SwitchCiphers2",
@@ -3773,6 +3777,7 @@
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
},
renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
+ flags: []string{"-expect-total-renegotiations", "1"},
})
testCases = append(testCases, testCase{
name: "Renegotiate-Client-Forbidden",
@@ -3791,6 +3796,7 @@
RequireSameRenegoClientVersion: true,
},
},
+ flags: []string{"-expect-total-renegotiations", "1"},
})
testCases = append(testCases, testCase{
name: "Renegotiate-FalseStart",
@@ -3802,6 +3808,7 @@
flags: []string{
"-false-start",
"-select-next-proto", "foo",
+ "-expect-total-renegotiations", "1",
},
shimWritesFirst: true,
})
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index 1c42b2e..6503494 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -138,6 +138,7 @@
{ "-max-version", &TestConfig::max_version },
{ "-mtu", &TestConfig::mtu },
{ "-export-keying-material", &TestConfig::export_keying_material },
+ { "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations },
};
} // namespace
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index 9dea8e9..ea05271 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -97,6 +97,7 @@
bool verify_peer = false;
bool expect_verify_result = false;
std::string signed_cert_timestamps;
+ int expect_total_renegotiations = 0;
};
bool ParseConfig(int argc, char **argv, TestConfig *out_config);