author | Dennis Jackson <djackson@mozilla.com> | 2023-02-22 10:08:17 +0000 |
---|---|---|
committer | Dennis Jackson <djackson@mozilla.com> | 2023-02-22 10:08:17 +0000 |
commit | 21b01575d99ae1872b999683807ab5ae1b654cd9 (patch) | |
tree | 840d3091fed7c297469daf048d57e760d472a42e /gtests | |
parent | a785cec7d1c4abeb60ea1f521c2cdb4d3b2563fb (diff) | |
Bug 1815167: Tolerate certificate_authorities xtn in ClientHello. r=mt,nss-reviewers
Differential Revision: https://phabricator.services.mozilla.com/D169918
Diffstat (limited to 'gtests')
-rw-r--r-- | gtests/ssl_gtest/ssl_extension_unittest.cc | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/gtests/ssl_gtest/ssl_extension_unittest.cc b/gtests/ssl_gtest/ssl_extension_unittest.cc
index 1f115ea0f..0d7a77cfa 100644
--- a/gtests/ssl_gtest/ssl_extension_unittest.cc
+++ b/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -1440,6 +1440,24 @@ TEST_F(TlsConnectStreamTls13,
 PR_ASSERT(inequal >= 1);
 }
 
+// The certificate_authorities xtn can be included in a ClientHello [RFC 8446,
+// Section 4.2]
+TEST_F(TlsConnectStreamTls13, ClientHelloCertAuthXtnToleration) {
+ EnsureTlsSetup();
+ uint8_t bodyBuf[3] = {0x00,0x01,0xff};
+ DataBuffer body(bodyBuf,sizeof(bodyBuf));
+ auto ch = MakeTlsFilter<TlsExtensionAppender>(
+ client_, kTlsHandshakeClientHello, ssl_tls13_certificate_authorities_xtn,
+ body);
+ // The Connection will fail because the added extension isn't in the client's
+ // transcript not because the extension is unsupported (Bug 1815167).
+ server_->ExpectSendAlert(bad_record_mac);
+ client_->ExpectSendAlert(bad_record_mac);
+ ConnectExpectFail();
+ server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+ client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+}
+
 INSTANTIATE_TEST_SUITE_P(
 ExtensionStream, TlsExtensionTestGeneric,
 ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream, |
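Review bot: The extension body in `bodyBuf`, `{0x00,0x01,0xff}`, is not a valid CertificateAuthoritiesExtension encoding. RFC 8446 Section 4.2.4 defines `authorities<3..2^16-1>` as a list of `DistinguishedName<1..2^16-1>`, so a one-byte list cannot hold even one length-prefixed name. As written, the test shows only that the server ignores the extension without looking inside it. If the server ever starts decoding this extension in a ClientHello, the handshake would presumably fail with a decode error instead of `bad_record_mac`, and the test would break for a reason unrelated to toleration. Either use a minimal well-formed body, `uint8_t bodyBuf[5] = {0x00, 0x03, 0x00, 0x01, 0xff};`, or add a comment such as `// Body is deliberately not a valid encoding: the server must skip it unparsed.` so the intent is explicit.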