Cut down on some redundant flags.
We have fancy -on-initial and -on-resume prefixes now that can apply to
every flag.
Change-Id: I6195a97f663ebc94db320ca35889c213c700a976
Reviewed-on: https://boringssl-review.googlesource.com/19666
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index ce09060..7179832 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -1569,19 +1569,15 @@
}
}
- bool expected_sha256_client_cert = config->expect_sha256_client_cert_initial;
- if (is_resume) {
- expected_sha256_client_cert = config->expect_sha256_client_cert_resume;
- }
-
- if (SSL_get_session(ssl)->peer_sha256_valid != expected_sha256_client_cert) {
+ if (SSL_get_session(ssl)->peer_sha256_valid !=
+ config->expect_sha256_client_cert) {
fprintf(stderr,
"Unexpected SHA-256 client cert state: expected:%d is_resume:%d.\n",
- expected_sha256_client_cert, is_resume);
+ config->expect_sha256_client_cert, is_resume);
return false;
}
- if (expected_sha256_client_cert &&
+ if (config->expect_sha256_client_cert &&
SSL_get_session(ssl)->certs != nullptr) {
fprintf(stderr, "Have both client cert and SHA-256 hash: is_resume:%d.\n",
is_resume);
@@ -2025,10 +2021,7 @@
if (config->max_cert_list > 0) {
SSL_set_max_cert_list(ssl.get(), config->max_cert_list);
}
- if (!is_resume && config->retain_only_sha256_client_cert_initial) {
- SSL_set_retain_only_sha256_of_client_certs(ssl.get(), 1);
- }
- if (is_resume && config->retain_only_sha256_client_cert_resume) {
+ if (config->retain_only_sha256_client_cert) {
SSL_set_retain_only_sha256_of_client_certs(ssl.get(), 1);
}
if (config->max_send_fragment > 0) {
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 9f548fc..56814d3 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -12296,8 +12296,8 @@
},
tls13Variant: ver.tls13Variant,
flags: []string{
- "-retain-only-sha256-client-cert-initial",
- "-retain-only-sha256-client-cert-resume",
+ "-on-initial-retain-only-sha256-client-cert",
+ "-on-resume-retain-only-sha256-client-cert",
},
resumeSession: true,
})
@@ -12315,10 +12315,10 @@
tls13Variant: ver.tls13Variant,
flags: []string{
"-verify-peer",
- "-retain-only-sha256-client-cert-initial",
- "-retain-only-sha256-client-cert-resume",
- "-expect-sha256-client-cert-initial",
- "-expect-sha256-client-cert-resume",
+ "-on-initial-retain-only-sha256-client-cert",
+ "-on-resume-retain-only-sha256-client-cert",
+ "-on-initial-expect-sha256-client-cert",
+ "-on-resume-expect-sha256-client-cert",
},
resumeSession: true,
})
@@ -12337,8 +12337,8 @@
tls13Variant: ver.tls13Variant,
flags: []string{
"-verify-peer",
- "-retain-only-sha256-client-cert-initial",
- "-expect-sha256-client-cert-initial",
+ "-on-initial-retain-only-sha256-client-cert",
+ "-on-initial-expect-sha256-client-cert",
},
resumeSession: true,
expectResumeRejected: true,
@@ -12358,8 +12358,8 @@
tls13Variant: ver.tls13Variant,
flags: []string{
"-verify-peer",
- "-retain-only-sha256-client-cert-resume",
- "-expect-sha256-client-cert-resume",
+ "-on-resume-retain-only-sha256-client-cert",
+ "-on-resume-expect-sha256-client-cert",
},
resumeSession: true,
expectResumeRejected: true,
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index 8b2f7f2..6df8d2a 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -108,14 +108,10 @@
{ "-peek-then-read", &TestConfig::peek_then_read },
{ "-enable-grease", &TestConfig::enable_grease },
{ "-use-exporter-between-reads", &TestConfig::use_exporter_between_reads },
- { "-retain-only-sha256-client-cert-initial",
- &TestConfig::retain_only_sha256_client_cert_initial },
- { "-retain-only-sha256-client-cert-resume",
- &TestConfig::retain_only_sha256_client_cert_resume },
- { "-expect-sha256-client-cert-initial",
- &TestConfig::expect_sha256_client_cert_initial },
- { "-expect-sha256-client-cert-resume",
- &TestConfig::expect_sha256_client_cert_resume },
+ { "-retain-only-sha256-client-cert",
+ &TestConfig::retain_only_sha256_client_cert },
+ { "-expect-sha256-client-cert",
+ &TestConfig::expect_sha256_client_cert },
{ "-read-with-unfinished-write", &TestConfig::read_with_unfinished_write },
{ "-expect-secure-renegotiation",
&TestConfig::expect_secure_renegotiation },
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index af75548..9af64bc 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -128,10 +128,8 @@
int expect_cipher_no_aes = 0;
std::string expect_peer_cert_file;
int resumption_delay = 0;
- bool retain_only_sha256_client_cert_initial = false;
- bool retain_only_sha256_client_cert_resume = false;
- bool expect_sha256_client_cert_initial = false;
- bool expect_sha256_client_cert_resume = false;
+ bool retain_only_sha256_client_cert = false;
+ bool expect_sha256_client_cert = false;
bool read_with_unfinished_write = false;
bool expect_secure_renegotiation = false;
bool expect_no_secure_renegotiation = false;
