Enforce the server ALPN protocol was advertised. The server should not be allowed select a protocol that wasn't advertised. Callers tend to not really notice and act as if some default were chosen which is unlikely to work very well. Change-Id: Ib6388db72f05386f854d275bab762ca79e8174e6 Reviewed-on: https://boringssl-review.googlesource.com/10284 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: 3e51757de2bf9beef7d249f22d255e4dd9ddb012 [log] [tgz]
author: David Benjamin <davidben@google.com> Thu Aug 11 11:52:23 2016 -0400
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Aug 11 16:46:34 2016 +0000
tree: dfbc2e0ecfc8988d5e7b7cb4a6838a7de0f7769c
parent: 37b486aade4bd69af05b523182126559ba6431c3 [diff] [blame]
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 4cb22b1..45d3e13 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -4317,6 +4317,22 @@
 			resumeSession:         resumeSession,
 		})
 		testCases = append(testCases, testCase{
+			testType: clientTest,
+			name:     "ALPNClient-Mismatch-" + ver.name,
+			config: Config{
+				MaxVersion: ver.version,
+				Bugs: ProtocolBugs{
+					SendALPN: "baz",
+				},
+			},
+			flags: []string{
+				"-advertise-alpn", "\x03foo\x03bar",
+			},
+			shouldFail:         true,
+			expectedError:      ":INVALID_ALPN_PROTOCOL:",
+			expectedLocalError: "remote error: illegal parameter",
+		})
+		testCases = append(testCases, testCase{
 			testType: serverTest,
 			name:     "ALPNServer-" + ver.name,
 			config: Config{
commit	3e51757de2bf9beef7d249f22d255e4dd9ddb012	[log] [tgz]
author	David Benjamin <davidben@google.com>	Thu Aug 11 11:52:23 2016 -0400
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Thu Aug 11 16:46:34 2016 +0000
tree	dfbc2e0ecfc8988d5e7b7cb4a6838a7de0f7769c
parent	37b486aade4bd69af05b523182126559ba6431c3 [diff] [blame]