Add certificates to the remaining ECH client tests

If the test specifies -host-name, provide the correct credential for that name. This is now uniforml done for the ECH client tests. Also switch the P256 key for a RSA 2048 key, since the P256 key caused issues for at least one 1.3 -> 1.2 session resumption test. Change-Id: Ib1ac5a77f21625205fd2349406e443b9dd248ee4 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67967 Reviewed-by: David Benjamin <davidben@google.com> Auto-Submit: Roland Shoemaker <bracewell@google.com> Commit-Queue: David Benjamin <davidben@google.com>
author: Roland Shoemaker <bracewell@google.com> 2024-04-23 11:42:06 -0700
committer: Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> 2024-05-09 00:06:20 +0000
commit: 8e6aa7f39f4357a6ad15944884f72db8d25b9dff (patch)
tree: f2d6334723bd1640bc12de52ced2fd9e22f6a12b /ssl
parent: 7c44f450547cc777229462c2ac864a9326c0106c (diff)
download: boringssl-8e6aa7f39f4357a6ad15944884f72db8d25b9dff.zip
boringssl-8e6aa7f39f4357a6ad15944884f72db8d25b9dff.tar.gz
boringssl-8e6aa7f39f4357a6ad15944884f72db8d25b9dff.tar.bz2
1 files changed, 13 insertions, 2 deletions
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index e18bfd3..6e80e63 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -16780,7 +16780,7 @@ func addEncryptedClientHelloTests() {
 		DNSNames:              []string{"secret.example"},
 		IsCA:                  true,
 		BasicConstraintsValid: true,
-	}, &ecdsaP256Key)
+	}, &rsa2048Key)
 	echPublicCertificate := generateSingleCertChain(&x509.Certificate{
 		SerialNumber: big.NewInt(57005),
 		Subject: pkix.Name{
@@ -16791,7 +16791,7 @@ func addEncryptedClientHelloTests() {
 		DNSNames:              []string{"public.example"},
 		IsCA:                  true,
 		BasicConstraintsValid: true,
-	}, &ecdsaP256Key)
+	}, &rsa2048Key)
 	echLongNameCertificate := generateSingleCertChain(&x509.Certificate{
 		SerialNumber: big.NewInt(57005),
 		Subject: pkix.Name{
@@ -17973,6 +17973,7 @@ write hs 4
 					ExpectServerName:      "secret.example",
 					AlwaysRejectEarlyData: true,
 				},
+				Credential: &echSecretCertificate,
 			},
 			flags: []string{
 				"-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)),
@@ -18246,6 +18247,7 @@ write hs 4
 						extensionSupportedCurves,
 					},
 				},
+				Credential: &echSecretCertificate,
 			},
 			flags: []string{
 				"-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)),
@@ -18298,6 +18300,7 @@ write hs 4
 						extensionSupportedVersions,
 					},
 				},
+				Credential: &echSecretCertificate,
 			},
 			flags: []string{
 				"-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)),
@@ -18479,6 +18482,7 @@ write hs 4
 				Bugs: ProtocolBugs{
 					ExpectServerName: "secret.example",
 				},
+				Credential: &echSecretCertificate,
 			},
 			resumeConfig: &Config{
 				MaxVersion:       VersionTLS13,
@@ -18487,6 +18491,7 @@ write hs 4
 					ExpectServerName:                    "public.example",
 					UseInnerSessionWithClientHelloOuter: true,
 				},
+				Credential: &echPublicCertificate,
 			},
 			resumeSession: true,
 			flags: []string{
@@ -18509,6 +18514,7 @@ write hs 4
 					Bugs: ProtocolBugs{
 						ExpectServerName: "secret.example",
 					},
+					Credential: &echSecretCertificate,
 				},
 				resumeConfig: &Config{
 					MinVersion:       VersionTLS12,
@@ -18522,6 +18528,7 @@ write hs 4
 						// resumed at TLS 1.2.
 						AcceptAnySession: true,
 					},
+					Credential: &echPublicCertificate,
 				},
 				resumeSession: true,
 				flags: []string{
@@ -18550,12 +18557,14 @@ write hs 4
 				Bugs: ProtocolBugs{
 					ExpectServerName: "secret.example",
 				},
+				Credential: &echSecretCertificate,
 			},
 			resumeConfig: &Config{
 				ServerECHConfigs: []ServerECHConfig{echConfig2},
 				Bugs: ProtocolBugs{
 					ExpectServerName: "public.example",
 				},
+				Credential: &echPublicCertificate,
 			},
 			flags: []string{
 				"-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)),
@@ -18588,12 +18597,14 @@ write hs 4
 					Bugs: ProtocolBugs{
 						ExpectServerName: "secret.example",
 					},
+					Credential: &echSecretCertificate,
 				},
 				resumeConfig: &Config{
 					MaxVersion: VersionTLS12,
 					Bugs: ProtocolBugs{
 						ExpectServerName: "public.example",
 					},
+					Credential: &echPublicCertificate,
 				},
 				flags: []string{
 					"-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)),
author	Roland Shoemaker <bracewell@google.com>	2024-04-23 11:42:06 -0700
committer	Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>	2024-05-09 00:06:20 +0000
commit	8e6aa7f39f4357a6ad15944884f72db8d25b9dff (patch)
tree	f2d6334723bd1640bc12de52ced2fd9e22f6a12b /ssl
parent	7c44f450547cc777229462c2ac864a9326c0106c (diff)
download	boringssl-8e6aa7f39f4357a6ad15944884f72db8d25b9dff.zip boringssl-8e6aa7f39f4357a6ad15944884f72db8d25b9dff.tar.gz boringssl-8e6aa7f39f4357a6ad15944884f72db8d25b9dff.tar.bz2