Send unsupported_extension on unexpected ServerHello extensions.
We were sending decode_error, but the spec explicitly says (RFC 5246):
unsupported_extension
sent by clients that receive an extended server hello containing
an extension that they did not put in the corresponding client
hello. This message is always fatal.
Also add a test for this when it's a known but unoffered extension. We
actually end up putting these in different codepaths now due to the
custom extensions stuff.
Thanks to Eric Rescorla for pointing this out.
Change-Id: If6c8033d4cfe69ef8af5678b873b25e0dbadfc4f
Reviewed-on: https://boringssl-review.googlesource.com/9061
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index dfd5b30..e9a3fdb 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -866,6 +866,11 @@
// ALPN and NPN in the same connetion.
NegotiateALPNAndNPN bool
+ // SendALPN, if non-empty, causes the server to send the specified
+ // string in the ALPN extension regardless of whether the client
+ // advertised it.
+ SendALPN string
+
// SendEmptySessionTicket, if true, causes the server to send an empty
// session ticket.
SendEmptySessionTicket bool