Test that SNI warning alerts are ignored. Although RFC 6066 recommends against it, some servers send a warning alert prior to ServerHello on SNI mismatch, and, per spec, TLS 1.2 allows it. We're fine here, but add a test for it. It interacts interestingly with TLS 1.3 forbidding warning alerts because it happens before version negotiation. Change-Id: I0032313c986c835b6ae1aa43da6ee0dad17a97c2 Reviewed-on: https://boringssl-review.googlesource.com/10800 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: abe94e3b0da0c9d858bd3d7806687db26865ec60 [log] [tgz]
author: David Benjamin <davidben@google.com> Sun Sep 04 14:18:58 2016 -0400
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Fri Sep 09 16:20:25 2016 +0000
tree: e234c8d7e13aa9e433fd980dc2f024ad5ccd1717
parent: 3e5619d121901089e39ad5491de15bb919552a60 [diff] [blame]
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 5d474a6..e1574d3 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go

@@ -1059,6 +1059,10 @@
 	// SendRequestContext, if not empty, is the request context to send in
 	// a TLS 1.3 CertificateRequest.
 	SendRequestContext []byte
+
+	// SendSNIWarningAlert, if true, causes the server to send an
+	// unrecognized_name alert before the ServerHello.
+	SendSNIWarningAlert bool
 }
 
 func (c *Config) serverInit() {
commit	abe94e3b0da0c9d858bd3d7806687db26865ec60	[log] [tgz]
author	David Benjamin <davidben@google.com>	Sun Sep 04 14:18:58 2016 -0400
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Fri Sep 09 16:20:25 2016 +0000
tree	e234c8d7e13aa9e433fd980dc2f024ad5ccd1717
parent	3e5619d121901089e39ad5491de15bb919552a60 [diff] [blame]