diff options
author | Kenny Root <kroot@google.com> | 2015-09-25 00:26:37 +0000 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2015-09-25 00:26:37 +0000 |
commit | a04d78d392463df4e69a64360c952ffa5abd22f7 (patch) | |
tree | dc62c249d595198e0d99e43890019d21e901fbec /src/ssl/test/runner/handshake_server.go | |
parent | 1e4884f615b20946411a74e41eb9c6aa65e2d5f3 (diff) | |
download | external_boringssl-a04d78d392463df4e69a64360c952ffa5abd22f7.zip external_boringssl-a04d78d392463df4e69a64360c952ffa5abd22f7.tar.gz external_boringssl-a04d78d392463df4e69a64360c952ffa5abd22f7.tar.bz2 |
Revert "external/boringssl: sync with upstream."
This reverts commit 1e4884f615b20946411a74e41eb9c6aa65e2d5f3.
This breaks some x86 builds.
Change-Id: I4d4310663ce52bc0a130e6b9dbc22b868ff4fb25
Diffstat (limited to 'src/ssl/test/runner/handshake_server.go')
-rw-r--r-- | src/ssl/test/runner/handshake_server.go | 32 |
1 files changed, 7 insertions, 25 deletions
diff --git a/src/ssl/test/runner/handshake_server.go b/src/ssl/test/runner/handshake_server.go index 068dff9..85cc0d2 100644 --- a/src/ssl/test/runner/handshake_server.go +++ b/src/ssl/test/runner/handshake_server.go @@ -139,8 +139,8 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) { c.sendAlert(alertUnexpectedMessage) return false, unexpectedMessageError(hs.clientHello, msg) } - if size := config.Bugs.RequireClientHelloSize; size != 0 && len(hs.clientHello.raw) != size { - return false, fmt.Errorf("tls: ClientHello record size is %d, but expected %d", len(hs.clientHello.raw), size) + if config.Bugs.RequireFastradioPadding && len(hs.clientHello.raw) < 1000 { + return false, errors.New("tls: ClientHello record size should be larger than 1000 bytes when padding enabled.") } if c.isDTLS && !config.Bugs.SkipHelloVerifyRequest { @@ -210,11 +210,8 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) { } c.haveVers = true - hs.hello = &serverHelloMsg{ - isDTLS: c.isDTLS, - customExtension: config.Bugs.CustomExtension, - npnLast: config.Bugs.SwapNPNAndALPN, - } + hs.hello = new(serverHelloMsg) + hs.hello.isDTLS = c.isDTLS supportedCurve := false preferredCurves := config.curvePreferences() @@ -288,18 +285,12 @@ Curves: } if len(hs.clientHello.alpnProtocols) > 0 { - if proto := c.config.Bugs.ALPNProtocol; proto != nil { - hs.hello.alpnProtocol = *proto - hs.hello.alpnProtocolEmpty = len(*proto) == 0 - c.clientProtocol = *proto - c.usedALPN = true - } else if selectedProto, fallback := mutualProtocol(hs.clientHello.alpnProtocols, c.config.NextProtos); !fallback { + if selectedProto, fallback := mutualProtocol(hs.clientHello.alpnProtocols, c.config.NextProtos); !fallback { hs.hello.alpnProtocol = selectedProto c.clientProtocol = selectedProto c.usedALPN = true } - } - if len(hs.clientHello.alpnProtocols) == 0 || c.config.Bugs.NegotiateALPNAndNPN { + } else { // Although sending an empty NPN extension is reasonable, Firefox has // had a bug around this. Best to send nothing at all if // config.NextProtos is empty. See @@ -344,12 +335,6 @@ Curves: hs.hello.srtpProtectionProfile = c.config.Bugs.SendSRTPProtectionProfile } - if expected := c.config.Bugs.ExpectedCustomExtension; expected != nil { - if hs.clientHello.customExtension != *expected { - return false, fmt.Errorf("tls: bad custom extension contents %q", hs.clientHello.customExtension) - } - } - _, hs.ecdsaOk = hs.cert.PrivateKey.(*ecdsa.PrivateKey) // For test purposes, check that the peer never offers a session when @@ -531,9 +516,7 @@ func (hs *serverHandshakeState) doFullHandshake() error { if !isPSK { certMsg := new(certificateMsg) - if !config.Bugs.EmptyCertificateList { - certMsg.certificates = hs.cert.Certificate - } + certMsg.certificates = hs.cert.Certificate if !config.Bugs.UnauthenticatedECDH { certMsgBytes := certMsg.marshal() if config.Bugs.WrongCertificateMessageType { @@ -685,7 +668,6 @@ func (hs *serverHandshakeState) doFullHandshake() error { if !isSupportedSignatureAndHash(signatureAndHash, config.signatureAndHashesForServer()) { return errors.New("tls: unsupported hash function for client certificate") } - c.clientCertSignatureHash = signatureAndHash.hash } else { // Before TLS 1.2 the signature algorithm was implicit // from the key type, and only one hash per signature |