Test that switching versions on renego is illegal. We handle this correctly but never wrote a test for it. Noticed this in chatting about the second ClientHello.version bug workaround with Eric Rescorla. Change-Id: I09bc6c995d07c0f2c9936031b52c3c639ed3695e Reviewed-on: https://boringssl-review.googlesource.com/9154 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: e7e36aae253be9d054b5df108ac9fea42e1a0557 [log] [tgz]
author: David Benjamin <davidben@google.com> Mon Aug 08 12:39:41 2016 -0400
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Mon Aug 08 17:27:42 2016 +0000
tree: 636e793a39ff49a1e180993f1acbe9ab44203afc
parent: 2f8ea545a63be73a6869a5cfd018748c0f868d83 [diff] [blame]
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index aca308c..b6befe4 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go

@@ -606,6 +606,10 @@
 	// peer.
 	NegotiateVersion uint16
 
+	// NegotiateVersionOnRenego, if non-zero, causes the server to negotiate
+	// the specified TLS version on renegotiation rather than retaining it.
+	NegotiateVersionOnRenego uint16
+
 	// ExpectFalseStart causes the server to, on full handshakes,
 	// expect the peer to False Start; the server Finished message
 	// isn't sent until we receive an application data record
commit	e7e36aae253be9d054b5df108ac9fea42e1a0557	[log] [tgz]
author	David Benjamin <davidben@google.com>	Mon Aug 08 12:39:41 2016 -0400
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Mon Aug 08 17:27:42 2016 +0000
tree	636e793a39ff49a1e180993f1acbe9ab44203afc
parent	2f8ea545a63be73a6869a5cfd018748c0f868d83 [diff] [blame]