author | Roland Shoemaker <bracewell@google.com> | 2024-04-23 09:36:38 -0700 |
---|---|---|
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2024-04-23 17:46:16 +0000 |
commit | 8f95b8279e45946f9b0ae14449f00fb0c0baceb5 (patch) | |
tree | cb6bdfff08d44ea90e50e3af489df7e42eaa0738 /ssl | |
parent | d8d1c6a2d034df2a62bcf75604a4824f0e20e19e (diff) | |
Add certificates to a couple of tests
Add certificates to a couple of tests which expect
a specific host name, but were using the default
certificate which had a different host name.
Change-Id: I03e3be21e1e47313e5dbd5b8bba937b6968533c6
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67947
Commit-Queue: Roland Shoemaker <bracewell@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Auto-Submit: Roland Shoemaker <bracewell@google.com>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/test/runner/runner.go | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 45693d1..e18bfd3 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -6732,6 +6732,18 @@ func addMinimumVersionTests() {
 }
 
 func addExtensionTests() {
+ exampleCertificate := generateSingleCertChain(&x509.Certificate{
+ SerialNumber: big.NewInt(57005),
+ Subject: pkix.Name{
+ CommonName: "test cert",
+ },
+ NotBefore: time.Now().Add(-time.Hour),
+ NotAfter: time.Now().Add(time.Hour),
+ DNSNames: []string{"example.com"},
+ IsCA: true,
+ BasicConstraintsValid: true,
+ }, &ecdsaP256Key)
+
 // Repeat extensions tests at all versions.
 for _, protocol := range []protocol{tls, dtls, quic} {
 for _, ver := range allVersions(protocol) {
@@ -6775,6 +6787,7 @@ func addExtensionTests() {
 Bugs: ProtocolBugs{
 ExpectServerName: "example.com",
 },
+ Credential: &exampleCertificate,
 },
 flags: []string{"-host-name", "example.com"},
 })
@@ -6814,6 +6827,7 @@ func addExtensionTests() {
 Bugs: ProtocolBugs{
 SendServerNameAck: true,
 },
+ Credential: &exampleCertificate,
 },
 flags: []string{"-host-name", "example.com"},
 resumeSession: true,
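Review bot: The `exampleCertificate` template at the top of addExtensionTests is valid only from one hour before to one hour after `time.Now()` at the moment the test list is built, so if the peer under test checks validity dates (the commit message suggests it now checks the host name), a run lasting more than an hour could start failing partway through. Widening the window, for example `NotAfter: time.Now().Add(24 * time.Hour),`, would remove that dependence on run time. The template also sets `IsCA: true` on a certificate that carries the DNS name under test; if that is because the certificate doubles as its own trust anchor, a comment such as `// Self-signed test certificate: it is its own issuer, hence IsCA on a leaf.` would mark the shape as intentional and test-only. The three templates added in addEncryptedClientHelloTests have the same two properties, and the body of addExtensionTests continues outside the hunk.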
@@ -16756,6 +16770,40 @@ func addEncryptedClientHelloTests() {
 echConfig3 := generateServerECHConfig(&ECHConfig{ConfigID: 45})
 echConfigRepeatID := generateServerECHConfig(&ECHConfig{ConfigID: 42})
 
+ echSecretCertificate := generateSingleCertChain(&x509.Certificate{
+ SerialNumber: big.NewInt(57005),
+ Subject: pkix.Name{
+ CommonName: "test cert",
+ },
+ NotBefore: time.Now().Add(-time.Hour),
+ NotAfter: time.Now().Add(time.Hour),
+ DNSNames: []string{"secret.example"},
+ IsCA: true,
+ BasicConstraintsValid: true,
+ }, &ecdsaP256Key)
+ echPublicCertificate := generateSingleCertChain(&x509.Certificate{
+ SerialNumber: big.NewInt(57005),
+ Subject: pkix.Name{
+ CommonName: "test cert",
+ },
+ NotBefore: time.Now().Add(-time.Hour),
+ NotAfter: time.Now().Add(time.Hour),
+ DNSNames: []string{"public.example"},
+ IsCA: true,
+ BasicConstraintsValid: true,
+ }, &ecdsaP256Key)
+ echLongNameCertificate := generateSingleCertChain(&x509.Certificate{
+ SerialNumber: big.NewInt(57005),
+ Subject: pkix.Name{
+ CommonName: "test cert",
+ },
+ NotBefore: time.Now().Add(-time.Hour),
+ NotAfter: time.Now().Add(time.Hour),
+ DNSNames: []string{"test0123456789.example"},
+ IsCA: true,
+ BasicConstraintsValid: true,
+ }, &ecdsaP256Key)
+
 for _, protocol := range []protocol{tls, quic} {
 prefix := protocol.String() + "-"
 
@@ -17260,6 +17308,7 @@ write hs 4
 name: prefix + "ECH-Client-Cipher-" + cipher.name,
 config: Config{
 ServerECHConfigs: []ServerECHConfig{cipherConfig},
+ Credential: &echSecretCertificate,
 },
 flags: []string{
 "-ech-config-list", base64FlagValue(CreateECHConfigList(cipherConfig.ECHConfig.Raw)),
@@ -17853,6 +17902,7 @@ write hs 4
 ExpectServerName: "secret.example",
 ExpectOuterServerName: "public.example",
 },
+ Credential: &echSecretCertificate,
 },
 flags: []string{
 "-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)),
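Review bot: The three templates added at the top of addEncryptedClientHelloTests differ only in `DNSNames` and reuse the serial `big.NewInt(57005)`, the subject `test cert` and the key `ecdsaP256Key` already used for `exampleCertificate` in addExtensionTests. If these are self-signed, the runner now holds four different certificates with the same issuer name and serial number; that is harmless while nothing identifies a certificate by issuer and serial, but a verifier or cache that does would conflate them and the resulting failure would be hard to read. A small helper that takes the host name and a serial and is called four times would remove the copy-paste and give each certificate its own serial, with `SerialNumber: big.NewInt(serial),` and `DNSNames: []string{name},` as the only varying lines. The function body continues outside the hunk.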
@@ -17876,6 +17926,7 @@ write hs 4
 ExpectOuterServerName: "public.example",
 ExpectMissingKeyShare: true, // Check we triggered HRR.
 },
+ Credential: &echSecretCertificate,
 },
 resumeSession: true,
 flags: []string{
@@ -17899,6 +17950,7 @@ write hs 4
 Bugs: ProtocolBugs{
 ExpectServerName: "secret.example",
 },
+ Credential: &echSecretCertificate,
 },
 flags: []string{
 "-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)),
@@ -18223,6 +18275,7 @@ write hs 4
 ExpectServerName: "public.example",
 ExpectOuterServerName: "public.example",
 },
+ Credential: &echPublicCertificate,
 },
 flags: []string{
 "-ech-config-list", base64FlagValue(CreateECHConfigList(echConfig.ECHConfig.Raw)),
@@ -18267,6 +18320,7 @@ write hs 4
 Bugs: ProtocolBugs{
 ExpectServerName: "test0123456789.example",
 },
+ Credential: &echLongNameCertificate,
 },
 flags: []string{
 "-ech-config-list", base64FlagValue(CreateECHConfigList(maxNameLen10.ECHConfig.Raw)),
@@ -18579,6 +18633,7 @@ write hs 4
 ExpectNoClientECH: true,
 ExpectServerName: "secret.example",
 },
+ Credential: &echSecretCertificate,
 },
 flags: []string{
 "-ech-config-list", base64FlagValue(CreateECHConfigList(invalidPublicName.ECHConfig.Raw)),
@@ -18596,6 +18651,7 @@ write hs 4
 ExpectOuterServerName: "public.example",
 ExpectServerName: "secret.example",
 },
+ Credential: &echSecretCertificate,
 },
 flags: []string{
 "-ech-config-list", base64FlagValue(CreateECHConfigList(invalidPublicName.ECHConfig.Raw, echConfig.ECHConfig.Raw)), |