Test empty extensions fields are omitted.
For historical reasons, TLS allows ServerHellos (and ClientHellos)
without extensions to omit the extensions fields entirely.
https://github.com/openssl/openssl/pull/4296 reports this is even
necessary for compatibility with extension-less clients. We continue to
do so, but add a test for it anyway.
Change-Id: I63c2e3a5f298674eb21952fca6914dad07d7c245
Reviewed-on: https://boringssl-review.googlesource.com/19864
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 7ae441c..0ce6849 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -12565,6 +12565,21 @@
// Test that omitted and empty extensions blocks are tolerated.
func addOmitExtensionsTests() {
+ // Check the ExpectOmitExtensions setting works.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "ExpectOmitExtensions",
+ config: Config{
+ MinVersion: VersionTLS12,
+ MaxVersion: VersionTLS12,
+ Bugs: ProtocolBugs{
+ ExpectOmitExtensions: true,
+ },
+ },
+ shouldFail: true,
+ expectedLocalError: "tls: ServerHello did not omit extensions",
+ })
+
for _, ver := range tlsVersions {
if ver.version > VersionTLS12 {
continue
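Review bot: The `ExpectOmitExtensions` case added at the top of addOmitExtensionsTests does not say why the handshake is expected to fail, which makes this negative control hard to read. It presumably relies on the runner's default ClientHello offering extensions, so that the ServerHello carries some and the runner-side check fires; the comment could say so, e.g. `// Check the ExpectOmitExtensions setting works: the default ClientHello offers extensions, so the ServerHello should include some and the runner must reject it.` The expected string `tls: ServerHello did not omit extensions` has to match the check that implements the setting, which is not part of this hunk. The function body continues past the end of the hunk.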
@@ -12579,6 +12594,9 @@
SessionTicketsDisabled: true,
Bugs: ProtocolBugs{
OmitExtensions: true,
+ // With no client extensions, the ServerHello must not have
+ // extensions. It should then omit the extensions field.
+ ExpectOmitExtensions: true,
},
},
})
@@ -12592,6 +12610,9 @@
SessionTicketsDisabled: true,
Bugs: ProtocolBugs{
EmptyExtensions: true,
+ // With no client extensions, the ServerHello must not have
+ // extensions. It should then omit the extensions field.
+ ExpectOmitExtensions: true,
},
},
})
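Review bot: The comment copied onto the `EmptyExtensions` case says "With no client extensions", but here the client appears to send an empty extensions block rather than none, so the wording blurs the two cases this function distinguishes. Something like `// The client sends an empty extensions block, so the ServerHello must not carry extensions and should omit the field entirely.` would make clear that a server echoing back an empty block is also a failure, assuming that is how the check treats it. The enclosing test case starts outside the hunk.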