Test NULL client CA lists. The preceding client CA bug is actually almost unreachable since the list is initialized to a non-NULL empty list. But if one tries hard enough, a NULL one is possible. Change-Id: I49e69511bf65b0178c4e0acdb887f8ba7d85faff Reviewed-on: https://boringssl-review.googlesource.com/8769 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: 2f8935de0f9619992407cc8158e88f0ea933e6f6 [log] [tgz]
author: David Benjamin <davidben@google.com> Wed Jul 13 19:47:39 2016 -0400
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Jul 14 00:06:03 2016 +0000
tree: f0cbfa861d6f457699c0ae3185726292a93cd497
parent: 111533049d3fcd847d3a9e57b5f083c34967d94f [diff] [blame]
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 3e70af8..7c86553 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -2681,6 +2681,21 @@
 		shouldFail:    true,
 		expectedError: ":UNEXPECTED_MESSAGE:",
 	})
+
+	// Regression test for a bug where the client CA list, if explicitly
+	// set to NULL, was mis-encoded.
+	testCases = append(testCases, testCase{
+		testType: serverTest,
+		name:     "Null-Client-CA-List",
+		config: Config{
+			MaxVersion:   VersionTLS12,
+			Certificates: []Certificate{rsaCertificate},
+		},
+		flags: []string{
+			"-require-any-client-certificate",
+			"-use-null-client-ca-list",
+		},
+	})
 }
 
 func addExtendedMasterSecretTests() {
commit	2f8935de0f9619992407cc8158e88f0ea933e6f6	[log] [tgz]
author	David Benjamin <davidben@google.com>	Wed Jul 13 19:47:39 2016 -0400
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Thu Jul 14 00:06:03 2016 +0000
tree	f0cbfa861d6f457699c0ae3185726292a93cd497
parent	111533049d3fcd847d3a9e57b5f083c34967d94f [diff] [blame]