From 21b01575d99ae1872b999683807ab5ae1b654cd9 Mon Sep 17 00:00:00 2001
From: Dennis Jackson
Date: Wed, 22 Feb 2023 10:08:17 +0000
Subject: Bug 1815167: Tolerate certificate_authorities xtn in ClientHello. r=mt,nss-reviewers

Differential Revision: https://phabricator.services.mozilla.com/D169918
---
 gtests/ssl_gtest/ssl_extension_unittest.cc | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'gtests')
diff --git a/gtests/ssl_gtest/ssl_extension_unittest.cc b/gtests/ssl_gtest/ssl_extension_unittest.cc
index 1f115ea0f..0d7a77cfa 100644
--- a/gtests/ssl_gtest/ssl_extension_unittest.cc
+++ b/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -1440,6 +1440,24 @@ TEST_F(TlsConnectStreamTls13,
 PR_ASSERT(inequal >= 1);
 }

+// The certificate_authorities xtn can be included in a ClientHello [RFC 8446,
+// Section 4.2]
+TEST_F(TlsConnectStreamTls13, ClientHelloCertAuthXtnToleration) {
+ EnsureTlsSetup();
+ uint8_t bodyBuf[3] = {0x00,0x01,0xff};
+ DataBuffer body(bodyBuf,sizeof(bodyBuf));
+ auto ch = MakeTlsFilter(
+ client_, kTlsHandshakeClientHello, ssl_tls13_certificate_authorities_xtn,
+ body);
+ // The Connection will fail because the added extension isn't in the client's
+ // transcript not because the extension is unsupported (Bug 1815167).
+ server_->ExpectSendAlert(bad_record_mac);
+ client_->ExpectSendAlert(bad_record_mac);
+ ConnectExpectFail();
+ server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+ client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+}
+
 INSTANTIATE_TEST_SUITE_P(
 ExtensionStream, TlsExtensionTestGeneric,
 ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
-- 
cgit v1.2.1
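Review bot: The extension body `{0x00,0x01,0xff}` in ClientHelloCertAuthXtnToleration is not a well-formed certificate_authorities value. RFC 8446 Section 4.2.4 defines it as `authorities<3..2^16-1>` holding length-prefixed DistinguishedName entries, whereas this body declares a one-byte list. As written, the test only shows that the server skips the extension without looking inside it, and it would presumably start failing with a decode alert if the server ever validated the contents. A syntactically valid body such as `uint8_t bodyBuf[] = {0x00, 0x03, 0x00, 0x01, 0xff};` (constructed sample: one 1-byte name) would pin toleration of a conforming ClientHello. If the malformed value is deliberate, the comment above the test should say so, e.g. `// Body is intentionally not a valid authorities list; the server must not parse it.`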