Add a InvalidChannelIDSignature test.
Apparently we never wrote one of those. Also send a decrypt_error alert
to be consistent with all the other signature checks.
Change-Id: Ib5624d098d1e3086245192cdce92f5df26005064
Reviewed-on: https://boringssl-review.googlesource.com/11180
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 01de14f..ba337d2 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -5010,6 +5010,22 @@
},
flags: []string{"-advertise-npn", "\x03foo\x03bar\x03baz"},
})
+
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "InvalidChannelIDSignature",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ ChannelID: channelIDKey,
+ Bugs: ProtocolBugs{
+ InvalidChannelIDSignature: true,
+ },
+ },
+ flags: []string{"-enable-channel-id"},
+ shouldFail: true,
+ expectedError: ":CHANNEL_ID_SIGNATURE_INVALID:",
+ expectedLocalError: "remote error: error decrypting message",
+ })
}
func addResumptionVersionTests() {