Bug 1441573 - Make BoGo shim use IPv6 by default and IPv4 as fallback r=franziskus

Reviewers: franziskus

Reviewed By: franziskus

Bug #: 1441573

Differential Revision: https://phabricator.services.mozilla.com/D655

2 files changed, 11 insertions, 66 deletions

diff --git a/gtests/nss_bogo_shim/config.json b/gtests/nss_bogo_shim/config.json
index 03f875466..667201545 100644
--- a/gtests/nss_bogo_shim/config.json
+++ b/gtests/nss_bogo_shim/config.json
@@ -1,69 +1,10 @@
 {
     "DisabledTests": {
         "### These tests break whenever we rev versions, so just leave them here for easy uncommenting":"",
-        "SendWarningAlerts-Pass":"BoringSSL updated",
-        "SendBogusAlertType":"BoringSSL updated",
-        "SendEmptyRecords-Pass":"BoringSSL updated",
-        "ExtraCompressionMethods-TLS12":"BoringSSL updated",
-        "SendSNIWarningAlert":"BoringSSL updated",
-        "NoNullCompression-TLS12":"BoringSSL updated",
-        "InvalidCompressionMethod":"BoringSSL updated",
-        "SupportTicketsWithSessionID":"BoringSSL updated",
-        "NoSharedCipher":"BoringSSL updated",
-        "ServerHelloBogusCipher":"BoringSSL updated",
-        "ClientHelloVersionTooHigh":"BoringSSL updated",
-        "ServerAuth-SignatureType":"BoringSSL updated",
-        "ECDSACurveMismatch-Verify-TLS12":"BoringSSL updated",
-        "UnknownExtension-Client":"BoringSSL updated",
-        "UnofferedExtension-Client":"BoringSSL updated",
-        "SendClientVersion-RSA":"BoringSSL updated",
-        "SupportedCurves-ServerHello-TLS12":"BoringSSL updated",
-        "Basic-Client*Sync":"BoringSSL updated",
-        "Resume-Client-CipherMismatch":"BoringSSL updated",
-        "ClientAuth-SignatureType":"BoringSSL updated",
-        "Agree-Digest-Default":"BoringSSL updated",
-        "Basic-Server*Sync":"BoringSSL updated",
-        "ClientAuth-*-Sync":"BoringSSL updated",
-        "RSA-PSS-Default*":"BoringSSL updated",
-        "Renegotiate-Server-NoExt*":"BoringSSL updated",
-        "Downgrade-TLS12*":"BoringSSL updated",
-        "MaxCBCPadding":"BoringSSL updated",
-        "UnknownCipher":"BoringSSL updated",
-        "LargeMessage":"BoringSSL updated",
-        "NoCommonCurves":"BoringSSL updated",
-        "UnknownCurve":"BoringSSL updated",
-        "SessionTicketsDisabled*":"BoringSSL updated",
-        "BadFinished-*":"BoringSSL updated",
-        "ServerSkipCertificateVerify":"BoringSSL updated",
-        "*VersionTolerance":"BoringSSL updated",
-        "ConflictingVersionNegotiation*":"BoringSSL updated",
-        "Ed25519DefaultDisable*":"BoringSSL updated",
-        "*SHA1-Fallback*":"BoringSSL updated",
-        "ExtendedMasterSecret-NoToNo*":"BoringSSL updated",
-        "ServerNameExtensionClientMissing*":"BoringSSL updated",
-        "NoClientCertificate*":"BoringSSL updated",
-        "ServerCipherFilter*":"BoringSSL updated",
-        "*FallbackSCSV*":"BoringSSL updated",
-        "LooseInitialRecordVersion*":"BoringSSL updated",
-        "ALPNClient*":"BoringSSL updated",
-        "MinimumVersion*":"BoringSSL updated",
-        "VersionNegotiation*":"BoringSSL updated",
-        "*Client-ClientAuth*":"BoringSSL updated",
-        "*Server-ClientAuth*":"BoringSSL updated",
-        "NoExtendedMasterSecret*":"BoringSSL updated",
-        "PointFormat*":"BoringSSL updated",
-        "*Sync-SplitHandshakeRecords*":"BoringSSL updated",
-        "*Sync-PackHandshakeFlight*":"BoringSSL updated",
-        "TicketSessionIDLength*":"BoringSSL updated",
-        "*LargeRecord*":"BoringSSL updated",
-        "WrongMessageType-NewSessionTicket":"BoringSSL updated",
-        "WrongMessageType*Certificate*":"BoringSSL updated",
-        "WrongMessageType*Client*":"BoringSSL updated",
-        "WrongMessageType*Server*":"BoringSSL updated",
-        "WrongMessageType*DTLS":"BoringSSL updated",
-        "GarbageCertificate*":"BoringSSL updated",
-        "EmptyExtensions*":"BoringSSL updated",
-        "*OmitExtensions*":"BoringSSL updated",
+        "SendBogusAlertType":"Unexpected TLS alerts should abort connections (Bug 1438263)",
+        "Ed25519DefaultDisable*":"Add Ed25519 support (Bug 1325335)",
+        "ServerCipherFilter*":"Add Ed25519 support (Bug 1325335)",
+        "GarbageCertificate*":"Send bad_certificate alert when certificate parsing fails (Bug 1441565)",
         "SupportedVersionSelection-TLS12":"Should maybe reject TLS 1.2 in SH.supported_versions (Bug 1438266)",
         "*TLS13*":"(NSS=19, BoGo=18)",
         "*HelloRetryRequest*":"(NSS=19, BoGo=18)",
@@ -108,7 +49,6 @@
         "WrongMessageType-TLS13-ServerCertificateVerify":"nss updated/broken",
         "WrongMessageType-TLS13-ServerCertificate":"nss updated/broken",
         "WrongMessageType-TLS13-ServerFinished":"nss updated/broken",
-        "EncryptedExtensionsWithKeyShare":"nss updated/broken",
         "EmptyEncryptedExtensions":"nss updated/broken",
         "TrailingMessageData-*": "Bug 1304575",
         "DuplicateKeyShares":"Bug 1304578",
diff --git a/gtests/nss_bogo_shim/nss_bogo_shim.cc b/gtests/nss_bogo_shim/nss_bogo_shim.cc
index e12714e8d..4bb5debaf 100644
--- a/gtests/nss_bogo_shim/nss_bogo_shim.cc
+++ b/gtests/nss_bogo_shim/nss_bogo_shim.cc
@@ -90,9 +90,14 @@ class TestAgent {
     PRStatus prv;
     PRNetAddr addr;
 
-    prv = PR_StringToNetAddr("127.0.0.1", &addr);
+    // Try IPv6 first.
+    prv = PR_StringToNetAddr("::1", &addr);
     if (prv != PR_SUCCESS) {
-      return false;
+      // If that fails, try IPv4.
+      prv = PR_StringToNetAddr("127.0.0.1", &addr);
+      if (prv != PR_SUCCESS) {
+        return false;
+      }
     }
     addr.inet.port = PR_htons(cfg_.get<int>("port"));