authorDennis Jackson <djackson@mozilla.com>2023-02-22 10:08:17 +0000
committerDennis Jackson <djackson@mozilla.com>2023-02-22 10:08:17 +0000
commit21b01575d99ae1872b999683807ab5ae1b654cd9 (patch)
tree840d3091fed7c297469daf048d57e760d472a42e /gtests
parenta785cec7d1c4abeb60ea1f521c2cdb4d3b2563fb (diff)
Bug 1815167: Tolerate certificate_authorities xtn in ClientHello. r=mt,nss-reviewers
Differential Revision: https://phabricator.services.mozilla.com/D169918
Diffstat (limited to 'gtests')
-rw-r--r--gtests/ssl_gtest/ssl_extension_unittest.cc18
1 files changed, 18 insertions, 0 deletions
diff --git a/gtests/ssl_gtest/ssl_extension_unittest.cc b/gtests/ssl_gtest/ssl_extension_unittest.cc
index 1f115ea0f..0d7a77cfa 100644
--- a/gtests/ssl_gtest/ssl_extension_unittest.cc
+++ b/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -1440,6 +1440,24 @@ TEST_F(TlsConnectStreamTls13,
PR_ASSERT(inequal >= 1);
}
+// The certificate_authorities xtn can be included in a ClientHello [RFC 8446,
+// Section 4.2]
+TEST_F(TlsConnectStreamTls13, ClientHelloCertAuthXtnToleration) {
+ EnsureTlsSetup();
+ uint8_t bodyBuf[3] = {0x00,0x01,0xff};
+ DataBuffer body(bodyBuf,sizeof(bodyBuf));
+ auto ch = MakeTlsFilter<TlsExtensionAppender>(
+ client_, kTlsHandshakeClientHello, ssl_tls13_certificate_authorities_xtn,
+ body);
+ // The Connection will fail because the added extension isn't in the client's
+ // transcript not because the extension is unsupported (Bug 1815167).
+ server_->ExpectSendAlert(bad_record_mac);
+ client_->ExpectSendAlert(bad_record_mac);
+ ConnectExpectFail();
+ server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+ client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+}
+
INSTANTIATE_TEST_SUITE_P(
ExtensionStream, TlsExtensionTestGeneric,
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
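Review bot: The extension body `{0x00,0x01,0xff}` in ClientHelloCertAuthXtnToleration is not a well-formed CertificateAuthoritiesExtension. RFC 8446 Section 4.2.4 defines it as `authorities<3..2^16-1>` holding length-prefixed DistinguishedName entries, so a list length of 1 followed by a bare 0xff is below the minimum. As written, the test presumably passes only while the server skips the extension without decoding it; if the server ever starts parsing it, the expected `bad_record_mac` would likely become a decode failure and hide what the test is meant to pin. Either state in the comment that the body is deliberately opaque and never parsed, or use a syntactically valid body such as `uint8_t bodyBuf[5] = {0x00, 0x03, 0x00, 0x01, 0xff};`. A companion case that checks a malformed body is still handled as intended would make the toleration boundary explicit.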