Add certificates to the remaining ECH client tests
If the test specifies -host-name, provide the correct credential for
that name. This is now uniformly done for the ECH client tests.
Also switch the P256 key for an RSA 2048 key, since the P256 key caused
issues for at least one 1.3 -> 1.2 session resumption test.
Change-Id: Ib1ac5a77f21625205fd2349406e443b9dd248ee4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67967
Reviewed-by: David Benjamin <davidben@google.com>
Auto-Submit: Roland Shoemaker <bracewell@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index e18bfd3..6e80e63 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -16780,7 +16780,7 @@
DNSNames: []string{"secret.example"},
IsCA: true,
BasicConstraintsValid: true,
- }, &ecdsaP256Key)
+ }, &rsa2048Key)
echPublicCertificate := generateSingleCertChain(&x509.Certificate{
SerialNumber: big.NewInt(57005),
Subject: pkix.Name{
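Review bot: The switch to `&rsa2048Key` carries no comment, so the reason for it lives only in the commit message and a later cleanup could move the fixture back to P-256 and bring the resumption failure back. I would add, above what is presumably the `echSecretCertificate` definition, something like `// RSA rather than ECDSA P-256: the P-256 key broke at least one TLS 1.3 -> 1.2 resumption test.`, ideally naming the affected test. The next hunk (@@ -16791) makes the same change for the "public.example" certificate and would be covered by the same comment. The key passed for `echLongNameCertificate` is outside both hunks, so it is worth confirming that all ECH test certificates end up on the same key type. Both `generateSingleCertChain` calls begin or end outside the hunks.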
@@ -16791,7 +16791,7 @@
DNSNames: []string{"public.example"},
IsCA: true,
BasicConstraintsValid: true,
- }, &ecdsaP256Key)
+ }, &rsa2048Key)
echLongNameCertificate := generateSingleCertChain(&x509.Certificate{
SerialNumber: big.NewInt(57005),
Subject: pkix.Name{
@@ -17973,6 +17973,7 @@
ExpectServerName: "secret.example",
AlwaysRejectEarlyData: true,
},
+ Credential: &echSecretCertificate,
},
flags: []string{
"-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)),
@@ -18246,6 +18247,7 @@
extensionSupportedCurves,
},
},
+ Credential: &echSecretCertificate,
},
flags: []string{
"-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)),
@@ -18298,6 +18300,7 @@
extensionSupportedVersions,
},
},
+ Credential: &echSecretCertificate,
},
flags: []string{
"-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)),
@@ -18479,6 +18482,7 @@
Bugs: ProtocolBugs{
ExpectServerName: "secret.example",
},
+ Credential: &echSecretCertificate,
},
resumeConfig: &Config{
MaxVersion: VersionTLS13,
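Review bot: The added `Credential: &echSecretCertificate` has to be kept in step by hand with `ExpectServerName: "secret.example"` two lines above it, and the same manual pairing recurs with `echPublicCertificate` and "public.example" in the resumeConfig hunks that follow (@@ -18487, -18522, -18550, -18588). Nothing visible in the diff checks that the certificate's DNSNames cover the expected name, so a future test that copies one of these blocks and edits only the name may present a mismatched certificate without the runner noticing. A short comment at the first site, e.g. `// Credential must be the certificate issued for ExpectServerName.`, or a runner-side sanity check comparing the two, would make the invariant explicit. In the hunks at @@ -18246 and @@ -18298 the expected name lies outside the hunk, so the pairing there cannot be confirmed from this page. The enclosing test case starts and ends outside the hunk.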
@@ -18487,6 +18491,7 @@
ExpectServerName: "public.example",
UseInnerSessionWithClientHelloOuter: true,
},
+ Credential: &echPublicCertificate,
},
resumeSession: true,
flags: []string{
@@ -18509,6 +18514,7 @@
Bugs: ProtocolBugs{
ExpectServerName: "secret.example",
},
+ Credential: &echSecretCertificate,
},
resumeConfig: &Config{
MinVersion: VersionTLS12,
@@ -18522,6 +18528,7 @@
// resumed at TLS 1.2.
AcceptAnySession: true,
},
+ Credential: &echPublicCertificate,
},
resumeSession: true,
flags: []string{
@@ -18550,12 +18557,14 @@
Bugs: ProtocolBugs{
ExpectServerName: "secret.example",
},
+ Credential: &echSecretCertificate,
},
resumeConfig: &Config{
ServerECHConfigs: []ServerECHConfig{echConfig2},
Bugs: ProtocolBugs{
ExpectServerName: "public.example",
},
+ Credential: &echPublicCertificate,
},
flags: []string{
"-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)),
@@ -18588,12 +18597,14 @@
Bugs: ProtocolBugs{
ExpectServerName: "secret.example",
},
+ Credential: &echSecretCertificate,
},
resumeConfig: &Config{
MaxVersion: VersionTLS12,
Bugs: ProtocolBugs{
ExpectServerName: "public.example",
},
+ Credential: &echPublicCertificate,
},
flags: []string{
"-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)),