Test server-side renegotiation.
This change adds support to the Go code for renegotiation as a client,
meaning that we can test BoringSSL's renegotiation as a server.
Change-Id: Iaa9fb1a6022c51023bce36c47d4ef7abee74344b
Reviewed-on: https://boringssl-review.googlesource.com/2082
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 4bf8f1c..3288b0d 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -214,6 +214,11 @@
c.sendAlert(alertInternalError)
return false, err
}
+
+ if len(hs.clientHello.secureRenegotiation) > 1 {
+ c.sendAlert(alertHandshakeFailure)
+ return false, errors.New("tls: client is doing a renegotiation handshake")
+ }
hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation
hs.hello.compressionMethod = compressionNone
hs.hello.duplicateExtension = c.config.Bugs.DuplicateExtension
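Review bot: The `> 1` threshold in the added renegotiation check is unexplained, and its meaning depends on how `secureRenegotiation` is encoded, which this hunk does not show. If the field holds the extension body including its one-byte length prefix, then a single byte is the empty initial-handshake value and anything longer carries verify data; a comment such as `// More than the empty initial-handshake value means the client is renegotiating, which this server does not support.` would pin that down. The check also only rejects a client that signals renegotiation through the extension, so a second ClientHello with an empty or absent extension would pass this line; if no other code checks that a handshake has already completed on `c`, consider rejecting on that state as well. The enclosing function starts and ends outside the hunk.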
@@ -693,6 +698,7 @@
c.sendAlert(alertHandshakeFailure)
return errors.New("tls: client's Finished message is incorrect")
}
+ c.clientVerify = append(c.clientVerify[:0], clientFinished.verifyData...)
hs.writeClientHash(clientFinished.marshal())
return nil
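Review bot: The new `c.clientVerify` assignment carries no comment saying why the Finished verify data is kept on the connection, and the same goes for `c.serverVerify` in the next hunk. Something like `// Keep verify_data: a later renegotiation must echo it in renegotiation_info (RFC 5746).` would make the purpose clear; presumably the client-side handshake code reads these fields, though that is not visible here. There is also an asymmetry worth a word: `clientVerify` is stored only after the client's Finished has been checked, whereas `serverVerify` is stored before the server's Finished is written, so it is set even if that write fails. That is probably harmless because the connection is then unusable, but stating it avoids a later reader relying on the field as proof the handshake completed. Both enclosing functions extend beyond their hunks.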
@@ -730,6 +736,7 @@
finished := new(finishedMsg)
finished.verifyData = hs.finishedHash.serverSum(hs.masterSecret)
+ c.serverVerify = append(c.serverVerify[:0], finished.verifyData...)
postCCSBytes := finished.marshal()
hs.writeServerHash(postCCSBytes)