Improve test coverage around NewSessionTicket message.
Test both when the peer doesn't support session tickets and when the server
promises a NewSessionTicket message but doesn't deliver.
Change-Id: I48f338094002beac2e6b80e41851c72822b3b9d5
Reviewed-on: https://boringssl-review.googlesource.com/1300
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 8ac76f6..7319463 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -374,6 +374,10 @@
// zero disables this behavior. One and two configure variants for 0.9.8
// and 1.0.1 modes, respectively.
EarlyChangeCipherSpec int
+
+ // SkipNewSessionTicket causes the server to skip sending the
+ // NewSessionTicket message despite promising to in ServerHello.
+ SkipNewSessionTicket bool
}
func (c *Config) serverInit() {
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 73eac70..8cdecd7 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -570,7 +570,7 @@
}
func (hs *serverHandshakeState) sendSessionTicket() error {
- if !hs.hello.ticketSupported {
+ if !hs.hello.ticketSupported || hs.c.config.Bugs.SkipNewSessionTicket {
return nil
}
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 47af0e0..f4a0891 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -284,6 +284,29 @@
shouldFail: true,
expectedError: ":CCS_RECEIVED_EARLY:",
},
+ {
+ name: "SessionTicketsDisabled-Client",
+ config: Config{
+ SessionTicketsDisabled: true,
+ },
+ },
+ {
+ testType: serverTest,
+ name: "SessionTicketsDisabled-Server",
+ config: Config{
+ SessionTicketsDisabled: true,
+ },
+ },
+ {
+ name: "SkipNewSessionTicket",
+ config: Config{
+ Bugs: ProtocolBugs{
+ SkipNewSessionTicket: true,
+ },
+ },
+ shouldFail: true,
+ expectedError: ":CCS_RECEIVED_EARLY:",
+ },
}
func doExchange(testType testType, config *Config, conn net.Conn, messageLen int) error {