Get SSL 3.0 server tests working.
The missing SSL 3.0 client support in runner.go was fairly minor.
Change-Id: Ibbd440c9b6be99be08a214dec6b93ca358d8cf0a
Reviewed-on: https://boringssl-review.googlesource.com/1516
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index f2cbbe4..3fa02df 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -184,13 +184,11 @@
return unexpectedMessageError(serverHello, msg)
}
- vers, ok := c.config.mutualVersion(serverHello.vers)
- if !ok || vers < VersionTLS10 {
- // TLS 1.0 is the minimum version supported as a client.
+ c.vers, ok = c.config.mutualVersion(serverHello.vers)
+ if !ok {
c.sendAlert(alertProtocolVersion)
return fmt.Errorf("tls: server selected unsupported protocol version %x", serverHello.vers)
}
- c.vers = vers
c.haveVers = true
suite := mutualCipherSuite(c.config.cipherSuites(), serverHello.cipherSuite)
diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go
index a678fee..2e2eff4 100644
--- a/ssl/test/runner/key_agreement.go
+++ b/ssl/test/runner/key_agreement.go
@@ -87,10 +87,14 @@
return nil, nil, err
}
ckx := new(clientKeyExchangeMsg)
- ckx.ciphertext = make([]byte, len(encrypted)+2)
- ckx.ciphertext[0] = byte(len(encrypted) >> 8)
- ckx.ciphertext[1] = byte(len(encrypted))
- copy(ckx.ciphertext[2:], encrypted)
+ if clientHello.vers != VersionSSL30 {
+ ckx.ciphertext = make([]byte, len(encrypted)+2)
+ ckx.ciphertext[0] = byte(len(encrypted) >> 8)
+ ckx.ciphertext[1] = byte(len(encrypted))
+ copy(ckx.ciphertext[2:], encrypted)
+ } else {
+ ckx.ciphertext = encrypted
+ }
return preMasterSecret, ckx, nil
}
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 1d44f99..b39bced 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -755,26 +755,19 @@
resumeSession: resumeSession,
})
- // Go's TLS implementation implements SSLv3 as a server,
- // but not as a client.
- //
- // TODO(davidben): Implement SSLv3 as a client too to
- // exercise that code.
- if ver.version != VersionSSL30 {
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: ver.name + "-" + suite.name + "-server",
- config: Config{
- MinVersion: ver.version,
- MaxVersion: ver.version,
- CipherSuites: []uint16{suite.id},
- Certificates: []Certificate{cert},
- },
- certFile: certFile,
- keyFile: keyFile,
- resumeSession: resumeSession,
- })
- }
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: ver.name + "-" + suite.name + "-server",
+ config: Config{
+ MinVersion: ver.version,
+ MaxVersion: ver.version,
+ CipherSuites: []uint16{suite.id},
+ Certificates: []Certificate{cert},
+ },
+ certFile: certFile,
+ keyFile: keyFile,
+ resumeSession: resumeSession,
+ })
// TODO(davidben): Fix DTLS 1.2 support and test that.
if ver.version == VersionTLS10 && strings.Index(suite.name, "RC4") == -1 {
@@ -1212,18 +1205,15 @@
expectedVersion: expectedVersion,
})
- // TODO(davidben): Implement SSLv3 as a client in the runner.
- if expectedVersion > VersionSSL30 {
- testCases = append(testCases, testCase{
- testType: serverTest,
- name: "VersionNegotiation-Server-" + suffix,
- config: Config{
- MaxVersion: runnerVers.version,
- },
- flags: flags,
- expectedVersion: expectedVersion,
- })
- }
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "VersionNegotiation-Server-" + suffix,
+ config: Config{
+ MaxVersion: runnerVers.version,
+ },
+ flags: flags,
+ expectedVersion: expectedVersion,
+ })
}
}
}