runner: implement SecondHelloRetryRequest more straightforwardly

I am not sure why we ran through this increasingly large block of code,
with side effects, twice. All this really needed was to send a second
HRR and make sure the client rejected.

Change-Id: I1122ef2c5f8f85e2f356a6112ae2042653469417
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75631
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 2198ffd..00a6287 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -696,9 +696,6 @@
 		hs.hello.hasKeyShare = false
 	}
 
-	firstHelloRetryRequest := true
-
-ResendHelloRetryRequest:
 	var sendHelloRetryRequest bool
 	cipherSuite := hs.suite.id
 	if config.Bugs.SendHelloRetryRequestCipherSuite != 0 {
@@ -906,9 +903,14 @@
 			return err
 		}
 
-		if firstHelloRetryRequest && config.Bugs.SecondHelloRetryRequest {
-			firstHelloRetryRequest = false
-			goto ResendHelloRetryRequest
+		if config.Bugs.SecondHelloRetryRequest {
+			c.writeRecord(recordTypeHandshake, helloRetryRequest.marshal())
+			// The peer should reject this. Read from the connection to pick up the alert.
+			_, err := c.readHandshake()
+			if err != nil {
+				return err
+			}
+			return errors.New("tls: client sent message instead of alert")
 		}
 	}
 
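Review bot: The result of `c.writeRecord(recordTypeHandshake, helloRetryRequest.marshal())` in the new `SecondHelloRetryRequest` branch is discarded, so a failed send of the second HelloRetryRequest would only show up as whatever `c.readHandshake()` returns next, and the test could fail for a reason unrelated to the client's rejection. Assuming `writeRecord` returns an error as its last result, check it before reading: `if _, err := c.writeRecord(recordTypeHandshake, helloRetryRequest.marshal()); err != nil { return err }`. The hunk also shows no flush between the write and the read; if handshake writes can be buffered in this runner, confirm against the first HelloRetryRequest send path (outside this hunk) whether one is needed, otherwise the read may wait on a message the client never received. It would also help to extend the comment to say the alert comes back as the error from `readHandshake`, e.g. `// The peer should reject this with an alert, which readHandshake returns as an error; any handshake message instead is a test failure.` The enclosing function starts and ends outside the hunk.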
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index adc35bd..4a58458 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -15870,8 +15870,9 @@
 				SecondHelloRetryRequest: true,
 			},
 		},
-		shouldFail:    true,
-		expectedError: ":UNEXPECTED_MESSAGE:",
+		shouldFail:         true,
+		expectedError:      ":UNEXPECTED_MESSAGE:",
+		expectedLocalError: "remote error: unexpected message",
 	})
 
 	testCases = append(testCases, testCase{