Reject warning alerts in TLS 1.3.
As of https://github.com/tlswg/tls13-spec/pull/530, they're gone.
They're still allowed just before the ClientHello or ServerHello, which
is kind of odd, but so it goes.
BUG=86
Change-Id: I3d556ab45e42d0755d23566e006c0db9af35b7b6
Reviewed-on: https://boringssl-review.googlesource.com/9114
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 3a367c5..02e26a2 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -1925,22 +1925,44 @@
expectedError: ":TOO_MANY_EMPTY_FRAGMENTS:",
},
{
- name: "SendWarningAlerts-Pass",
+ name: "SendWarningAlerts-Pass",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ },
sendWarningAlerts: 4,
},
{
- protocol: dtls,
- name: "SendWarningAlerts-DTLS-Pass",
+ protocol: dtls,
+ name: "SendWarningAlerts-DTLS-Pass",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ },
sendWarningAlerts: 4,
},
{
- name: "SendWarningAlerts",
+ name: "SendWarningAlerts-TLS13",
+ config: Config{
+ MaxVersion: VersionTLS13,
+ },
+ sendWarningAlerts: 4,
+ shouldFail: true,
+ expectedError: ":BAD_ALERT:",
+ expectedLocalError: "remote error: error decoding message",
+ },
+ {
+ name: "SendWarningAlerts",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ },
sendWarningAlerts: 5,
shouldFail: true,
expectedError: ":TOO_MANY_WARNING_ALERTS:",
},
{
- name: "SendWarningAlerts-Async",
+ name: "SendWarningAlerts-Async",
+ config: Config{
+ MaxVersion: VersionTLS12,
+ },
sendWarningAlerts: 5,
flags: []string{"-async"},
shouldFail: true,
@@ -3685,6 +3707,7 @@
tests = append(tests, testCase{
name: "Shutdown-Shim",
config: Config{
+ MaxVersion: VersionTLS12,
Bugs: ProtocolBugs{
ExpectCloseNotify: true,
},