diff options
author | Roland Shoemaker <bracewell@google.com> | 2024-04-23 11:42:06 -0700 |
---|---|---|
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2024-05-09 00:06:20 +0000 |
commit | 8e6aa7f39f4357a6ad15944884f72db8d25b9dff (patch) | |
tree | f2d6334723bd1640bc12de52ced2fd9e22f6a12b /ssl | |
parent | 7c44f450547cc777229462c2ac864a9326c0106c (diff) | |
download | boringssl-8e6aa7f39f4357a6ad15944884f72db8d25b9dff.zip boringssl-8e6aa7f39f4357a6ad15944884f72db8d25b9dff.tar.gz boringssl-8e6aa7f39f4357a6ad15944884f72db8d25b9dff.tar.bz2 |
Add certificates to the remaining ECH client tests
If the test specifies -host-name, provide the correct credential for
that name. This is now uniforml done for the ECH client tests.
Also switch the P256 key for a RSA 2048 key, since the P256 key caused
issues for at least one 1.3 -> 1.2 session resumption test.
Change-Id: Ib1ac5a77f21625205fd2349406e443b9dd248ee4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67967
Reviewed-by: David Benjamin <davidben@google.com>
Auto-Submit: Roland Shoemaker <bracewell@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/test/runner/runner.go | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index e18bfd3..6e80e63 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -16780,7 +16780,7 @@ func addEncryptedClientHelloTests() { DNSNames: []string{"secret.example"}, IsCA: true, BasicConstraintsValid: true, - }, &ecdsaP256Key) + }, &rsa2048Key) echPublicCertificate := generateSingleCertChain(&x509.Certificate{ SerialNumber: big.NewInt(57005), Subject: pkix.Name{ @@ -16791,7 +16791,7 @@ func addEncryptedClientHelloTests() { DNSNames: []string{"public.example"}, IsCA: true, BasicConstraintsValid: true, - }, &ecdsaP256Key) + }, &rsa2048Key) echLongNameCertificate := generateSingleCertChain(&x509.Certificate{ SerialNumber: big.NewInt(57005), Subject: pkix.Name{ @@ -17973,6 +17973,7 @@ write hs 4 ExpectServerName: "secret.example", AlwaysRejectEarlyData: true, }, + Credential: &echSecretCertificate, }, flags: []string{ "-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)), @@ -18246,6 +18247,7 @@ write hs 4 extensionSupportedCurves, }, }, + Credential: &echSecretCertificate, }, flags: []string{ "-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)), @@ -18298,6 +18300,7 @@ write hs 4 extensionSupportedVersions, }, }, + Credential: &echSecretCertificate, }, flags: []string{ "-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)), @@ -18479,6 +18482,7 @@ write hs 4 Bugs: ProtocolBugs{ ExpectServerName: "secret.example", }, + Credential: &echSecretCertificate, }, resumeConfig: &Config{ MaxVersion: VersionTLS13, @@ -18487,6 +18491,7 @@ write hs 4 ExpectServerName: "public.example", UseInnerSessionWithClientHelloOuter: true, }, + Credential: &echPublicCertificate, }, resumeSession: true, flags: []string{ @@ -18509,6 +18514,7 @@ write hs 4 Bugs: ProtocolBugs{ ExpectServerName: "secret.example", }, + Credential: &echSecretCertificate, }, resumeConfig: &Config{ MinVersion: VersionTLS12, @@ -18522,6 +18528,7 @@ write hs 4 // resumed at TLS 1.2. AcceptAnySession: true, }, + Credential: &echPublicCertificate, }, resumeSession: true, flags: []string{ @@ -18550,12 +18557,14 @@ write hs 4 Bugs: ProtocolBugs{ ExpectServerName: "secret.example", }, + Credential: &echSecretCertificate, }, resumeConfig: &Config{ ServerECHConfigs: []ServerECHConfig{echConfig2}, Bugs: ProtocolBugs{ ExpectServerName: "public.example", }, + Credential: &echPublicCertificate, }, flags: []string{ "-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)), @@ -18588,12 +18597,14 @@ write hs 4 Bugs: ProtocolBugs{ ExpectServerName: "secret.example", }, + Credential: &echSecretCertificate, }, resumeConfig: &Config{ MaxVersion: VersionTLS12, Bugs: ProtocolBugs{ ExpectServerName: "public.example", }, + Credential: &echPublicCertificate, }, flags: []string{ "-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)), |