Test resuming renewed sessions.
In TLS 1.3 draft 14, due to resumption using a different cipher, this
is actually not too hard to mess up. (In fact BoGo didn't quite get it
right.)
Fortunately, the new cipher suite negotiation in draft 15 should make
this reasonable again once we implement it. In the meantime, test it.
Change-Id: I2eb948eeaaa051ecacaa9095b66ff149582ea11d
Reviewed-on: https://boringssl-review.googlesource.com/10442
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 19b8ee7..78e4191 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -294,6 +294,9 @@
// resumeSession controls whether a second connection should be tested
// which attempts to resume the first session.
resumeSession bool
+ // resumeRenewedSession controls whether a third connection should be
+ // tested which attempts to resume the second connection's session.
+ resumeRenewedSession bool
// expectResumeRejected, if true, specifies that the attempted
// resumption must be rejected by the client. This is only valid for a
// serverTest.
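Review bot: The new field comment does not say that `resumeRenewedSession` depends on `resumeSession`, yet in the runTest hunk below the check for it is nested inside `if test.resumeSession`. A test case that sets only `resumeRenewedSession: true` would therefore run with no resumption at all and still pass, which quietly loses coverage of the renewed-ticket path. I would extend the comment with a sentence such as `// It has no effect unless resumeSession is also set.`, or reject the combination when the test table is built. The struct definition continues outside this hunk.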
@@ -831,8 +834,16 @@
flags = append(flags, "-dtls")
}
+ var resumeCount int
if test.resumeSession {
- flags = append(flags, "-resume")
+ resumeCount++
+ if test.resumeRenewedSession {
+ resumeCount++
+ }
+ }
+
+ if resumeCount > 0 {
+ flags = append(flags, "-resume-count", strconv.Itoa(resumeCount))
}
if test.shimWritesFirst {
@@ -898,7 +909,7 @@
conn.Close()
}
- if err == nil && test.resumeSession {
+ for i := 0; err == nil && i < resumeCount; i++ {
var resumeConfig Config
if test.resumeConfig != nil {
resumeConfig = *test.resumeConfig
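Review bot: The loop index `i` is not used in the lines visible here, and each iteration starts from the same `test.resumeConfig`, so a failure on the third connection is presumably reported the same way as one on the second. For a test that exists to catch renewed-session resumption bugs, it would help to carry the iteration into the error context, or at least to add a comment such as `// Every resumption, including the renewed one, reuses resumeConfig and the same expectations.` It is also worth confirming how `expectResumeRejected` should apply on the second pass, because after a rejected resumption the third connection would be resuming a freshly established session. The loop body continues outside this hunk, so this is inferred from the header and the first lines only.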
@@ -2115,9 +2126,7 @@
FailIfSessionOffered: true,
},
},
- flags: []string{"-expect-no-session"},
- resumeSession: true,
- expectResumeRejected: true,
+ flags: []string{"-expect-no-session"},
},
{
name: "BadHelloRequest-1",
@@ -3072,8 +3081,9 @@
RenewTicketOnResume: true,
},
},
- flags: []string{"-expect-ticket-renewal"},
- resumeSession: true,
+ flags: []string{"-expect-ticket-renewal"},
+ resumeSession: true,
+ resumeRenewedSession: true,
})
tests = append(tests, testCase{
name: "Basic-Client-NoTicket",
@@ -3138,7 +3148,8 @@
MaxVersion: VersionTLS13,
MinVersion: VersionTLS13,
},
- resumeSession: true,
+ resumeSession: true,
+ resumeRenewedSession: true,
})
tests = append(tests, testCase{
@@ -3148,7 +3159,8 @@
MaxVersion: VersionTLS13,
MinVersion: VersionTLS13,
},
- resumeSession: true,
+ resumeSession: true,
+ resumeRenewedSession: true,
})
tests = append(tests, testCase{