Only enable DTLS post-handshake rexmits if we sent the final Finished.
I messed up https://boringssl-review.googlesource.com/8883 and caused
both sides to believe they had sent the final Finished. Use next_message
to detect whether our last flight had a reply.
Change-Id: Ia4d8c8eefa818c9a69acc94d63c9c863293c3cf5
Reviewed-on: https://boringssl-review.googlesource.com/19604
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 2ae697c..a0f5a9c 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -8782,6 +8782,38 @@
"-initial-timeout-duration-ms", "250",
},
})
+
+ // If the shim sends the last Finished (server full or client resume
+ // handshakes), it must retransmit that Finished when it sees a
+ // post-handshake penultimate Finished from the runner. The above tests
+ // cover this. Conversely, if the shim sends the penultimate Finished
+ // (client full or server resume), test that it does not retransmit.
+ testCases = append(testCases, testCase{
+ protocol: dtls,
+ testType: clientTest,
+ name: "DTLS-StrayRetransmitFinished-ClientFull",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ Bugs: ProtocolBugs{
+ RetransmitFinished: true,
+ },
+ },
+ })
+ testCases = append(testCases, testCase{
+ protocol: dtls,
+ testType: serverTest,
+ name: "DTLS-StrayRetransmitFinished-ServerResume",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ },
+ resumeConfig: &Config{
+ MaxVersion: VersionTLS12,
+ Bugs: ProtocolBugs{
+ RetransmitFinished: true,
+ },
+ },
+ resumeSession: true,
+ })
}
func addExportKeyingMaterialTests() {
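Review bot: The two negative cases, `DTLS-StrayRetransmitFinished-ClientFull` and `DTLS-StrayRetransmitFinished-ServerResume`, do not say how a wrongful retransmit from the shim would be observed. Neither sets an expectation flag or error string, so the pass condition presumably rests on the runner rejecting an unexpected handshake record once the handshake is complete. That read path is outside this hunk and should be confirmed. I would add one line to the new comment, for example `// A stray retransmit shows up as an unexpected post-handshake handshake record, which the runner treats as a failure.`, so the regression guard stays obvious if the runner's tolerance for such records is ever relaxed. The enclosing function starts above the hunk, so I cannot tell whether the earlier positive tests already document this.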