Skip to content

Commit

Permalink
Bug 1348720 - Test alerts more thoroughly, r=ttaubert
Browse files Browse the repository at this point in the history 
This adds alert expectations to all tests that generate them.  I've chosen to
retain the alert recording that is done on a small number of tests, because
that allows us to verify that the alerts actually hit the wire.  However, the
primary means of testing alerts will be through the new TlsAgent::ExpectAlert
method and the TlsConnectTestBase::ExpectAlert and
TlsConnectTestBase::ConnectExpectAlert methods which are wrappers around the
basic function (the latter wraps ConnectExpectFail as well).

There are a few places where this change wasn't mechanical, but for the most
part this only required adding a call to the right version of ExpectAlert.

--HG--
extra : rebase_source : deb2a6bed97e48d8dee310fb8299b1ef5266ded2
extra : histedit_source : 200e94648323bdcc18821b4627de31ea7f9be751
  • Loading branch information
@martinthomson
martinthomson committed Mar 20, 2017
1 parent b4f556b commit 49e0d7f
Show file tree
Hide file tree
Showing 23 changed files with 260 additions and 185 deletions.
27 changes: 19 additions & 8 deletions gtests/ssl_gtest/ssl_0rtt_unittest.cc
View file
Expand Up @@ -24,8 +24,6 @@ namespace nss_test {

TEST_P(TlsConnectTls13, ZeroRtt) {
SetupForZeroRtt();
client_->SetExpectedAlertSentCount(1);
server_->SetExpectedAlertReceivedCount(1);
client_->Set0RttEnabled(true);
server_->Set0RttEnabled(true);
ExpectResumption(RESUME_TICKET);
Expand Down Expand Up @@ -105,8 +103,6 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttAlpn) {
EnableAlpn();
SetupForZeroRtt();
EnableAlpn();
client_->SetExpectedAlertSentCount(1);
server_->SetExpectedAlertReceivedCount(1);
client_->Set0RttEnabled(true);
server_->Set0RttEnabled(true);
ExpectResumption(RESUME_TICKET);
Expand Down Expand Up @@ -159,6 +155,7 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttNoAlpnServer) {
client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, sizeof(b)));
client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
ExpectAlert(client_, kTlsAlertIllegalParameter);
return true;
});
Handshake();
Expand All @@ -178,6 +175,7 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttNoAlpnClient) {
PRUint8 b[] = {'b'};
EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, 1));
client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
ExpectAlert(client_, kTlsAlertIllegalParameter);
return true;
});
Handshake();
Expand Down Expand Up @@ -228,6 +226,10 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttDowngrade) {
// client sends end_of_early_data only after reading the server's flight.
client_->Set0RttEnabled(true);

client_->ExpectSendAlert(kTlsAlertIllegalParameter);
if (mode_ == STREAM) {
server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
}
client_->Handshake();
server_->Handshake();
ASSERT_TRUE_WAIT(
Expand Down Expand Up @@ -265,7 +267,13 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttDowngradeEarlyData) {
// Send the early data xtn in the CH, followed by early app data. The server
// will fail right after sending its flight, when receiving the early data.
client_->Set0RttEnabled(true);
ZeroRttSendReceive(true, false);
ZeroRttSendReceive(true, false, [this]() {
client_->ExpectSendAlert(kTlsAlertIllegalParameter);
if (mode_ == STREAM) {
server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
}
return true;
});

client_->Handshake();
server_->Handshake();
Expand Down Expand Up @@ -301,9 +309,8 @@ TEST_P(TlsConnectTls13, SendTooMuchEarlyData) {
client_->Set0RttEnabled(true);
server_->Set0RttEnabled(true);
ExpectResumption(RESUME_TICKET);
client_->SetExpectedAlertSentCount(1);
server_->SetExpectedAlertReceivedCount(1);

ExpectAlert(client_, kTlsAlertEndOfEarlyData);
client_->Handshake();
CheckEarlyDataLimit(client_, short_size);

Expand Down Expand Up @@ -357,6 +364,7 @@ TEST_P(TlsConnectTls13, ReceiveTooMuchEarlyData) {
server_->Set0RttEnabled(true);
ExpectResumption(RESUME_TICKET);

client_->ExpectSendAlert(kTlsAlertEndOfEarlyData);
client_->Handshake(); // Send ClientHello
CheckEarlyDataLimit(client_, limit);

Expand All @@ -369,6 +377,10 @@ TEST_P(TlsConnectTls13, ReceiveTooMuchEarlyData) {
const PRInt32 message_len = static_cast<PRInt32>(strlen(message));
EXPECT_EQ(message_len, PR_Write(client_->ssl_fd(), message, message_len));

if (mode_ == STREAM) {
// This error isn't fatal for DTLS.
ExpectAlert(server_, kTlsAlertUnexpectedMessage);
}
server_->Handshake(); // Process ClientHello, send server flight.
server_->Handshake(); // Just to make sure that we don't read ahead.
CheckEarlyDataLimit(server_, limit);
Expand All @@ -377,7 +389,6 @@ TEST_P(TlsConnectTls13, ReceiveTooMuchEarlyData) {
std::vector<uint8_t> buf(strlen(message) + 1);
EXPECT_GT(0, PR_Read(server_->ssl_fd(), buf.data(), buf.capacity()));
if (mode_ == STREAM) {
// This error isn't fatal for DTLS.
server_->CheckErrorCode(SSL_ERROR_TOO_MUCH_EARLY_DATA);
}

Expand Down
7 changes: 7 additions & 0 deletions gtests/ssl_gtest/ssl_agent_unittest.cc
View file
Expand Up @@ -56,13 +56,15 @@ static const char *k0RttData = "ABCDEF";
TEST_P(TlsAgentTest, EarlyFinished) {
DataBuffer buffer;
MakeTrivialHandshakeRecord(kTlsHandshakeFinished, 0, &buffer);
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(buffer, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_UNEXPECTED_FINISHED);
}

TEST_P(TlsAgentTest, EarlyCertificateVerify) {
DataBuffer buffer;
MakeTrivialHandshakeRecord(kTlsHandshakeCertificateVerify, 0, &buffer);
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(buffer, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
}
Expand Down Expand Up @@ -90,6 +92,7 @@ TEST_P(TlsAgentTestClient13, EncryptedExtensionsInClear) {
MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
server_hello.data(), server_hello.len(), &buffer);
EnsureInit();
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(buffer, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
}
Expand All @@ -114,6 +117,7 @@ TEST_F(TlsAgentStreamTestClient, EncryptedExtensionsInClearTwoPieces) {
agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
SSL_LIBRARY_VERSION_TLS_1_3);
ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(buffer2, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
}
Expand Down Expand Up @@ -144,6 +148,7 @@ TEST_F(TlsAgentDgramTestClient, EncryptedExtensionsInClearTwoPieces) {
agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
SSL_LIBRARY_VERSION_TLS_1_3);
ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(buffer2, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
}
Expand Down Expand Up @@ -174,6 +179,7 @@ TEST_F(TlsAgentStreamTestClient, Set0RttOptionThenRead) {
MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
&buffer);
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(buffer, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA);
}
Expand All @@ -194,6 +200,7 @@ TEST_F(TlsAgentStreamTestServer, Set0RttOptionClientHelloThenRead) {
MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
&buffer);
ExpectAlert(kTlsAlertBadRecordMac);
ProcessMessage(buffer, TlsAgent::STATE_ERROR, SSL_ERROR_BAD_MAC_READ);
}

Expand Down
12 changes: 6 additions & 6 deletions gtests/ssl_gtest/ssl_auth_unittest.cc
View file
Expand Up @@ -198,7 +198,7 @@ TEST_P(TlsConnectTls12, ClientAuthNoSigAlgsFallback) {
client_->SetupClientAuth();
server_->RequestClientAuth(true);

ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertDecryptError);

// We're expecting a bad signature here because we tampered with a handshake
// message (CertReq). Previously, without the SHA-1 fallback, we would've
Expand Down Expand Up @@ -284,7 +284,7 @@ TEST_P(TlsConnectTls13, SignatureSchemeCurveMismatch) {
Reset(TlsAgent::kServerEcdsa256);
client_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
Expand All @@ -302,7 +302,7 @@ TEST_P(TlsConnectTls13, SignatureSchemeBadConfig) {
Reset(TlsAgent::kServerEcdsa256); // P-256 cert can't be used.
server_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
Expand All @@ -325,7 +325,7 @@ TEST_P(TlsConnectTls12Plus, SignatureAlgorithmNoOverlapEcdsa) {
PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
server_->SetSignatureSchemes(SignatureSchemeEcdsaSha256,
PR_ARRAY_SIZE(SignatureSchemeEcdsaSha256));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
}
Expand All @@ -344,7 +344,7 @@ TEST_P(TlsConnectPre12, SignatureAlgorithmNoOverlapEcdsa) {
TEST_P(TlsConnectTls13, SignatureAlgorithmDrop) {
client_->SetPacketFilter(
std::make_shared<TlsExtensionDropper>(ssl_signature_algorithms_xtn));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertMissingExtension);
client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENSION_ALERT);
server_->CheckErrorCode(SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION);
}
Expand All @@ -354,7 +354,7 @@ TEST_P(TlsConnectTls13, SignatureAlgorithmDrop) {
TEST_P(TlsConnectTls12, SignatureAlgorithmDrop) {
client_->SetPacketFilter(
std::make_shared<TlsExtensionDropper>(ssl_signature_algorithms_xtn));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertDecryptError);
client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
}
Expand Down
2 changes: 1 addition & 1 deletion gtests/ssl_gtest/ssl_cert_ext_unittest.cc
View file
Expand Up @@ -190,7 +190,7 @@ TEST_P(TlsConnectGenericPre13, OcspMangled) {
auto replacer = std::make_shared<TlsExtensionReplacer>(
ssl_cert_status_xtn, DataBuffer(val, sizeof(val)));
server_->SetPacketFilter(replacer);
ConnectExpectFail();
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
}
Expand Down
9 changes: 7 additions & 2 deletions gtests/ssl_gtest/ssl_damage_unittest.cc
View file
Expand Up @@ -33,12 +33,14 @@ TEST_F(TlsConnectTest, DamageSecretHandleClientFinished) {
client_->StartConnect();
client_->Handshake();
server_->Handshake();
std::cerr << "Damaging HS secret\n";
std::cerr << "Damaging HS secret" << std::endl;
SSLInt_DamageClientHsTrafficSecret(server_->ssl_fd());
client_->Handshake();
server_->Handshake();
// The client thinks it has connected.
EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());

ExpectAlert(server_, kTlsAlertDecryptError);
server_->Handshake();
server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
client_->Handshake();
client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
Expand All @@ -49,6 +51,9 @@ TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) {
SSL_LIBRARY_VERSION_TLS_1_3);
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
SSL_LIBRARY_VERSION_TLS_1_3);
client_->ExpectSendAlert(kTlsAlertDecryptError);
// The server can't read the client's alert, so it also sends an alert.
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
server_->SetPacketFilter(std::make_shared<AfterRecordN>(
server_, client_,
0, // ServerHello.
Expand Down
26 changes: 18 additions & 8 deletions gtests/ssl_gtest/ssl_dhe_unittest.cc
View file
Expand Up @@ -97,7 +97,7 @@ TEST_P(TlsConnectGenericPre13, ConnectFfdheServer) {
Connect();
CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
} else {
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
Expand Down Expand Up @@ -130,7 +130,7 @@ TEST_P(TlsConnectGenericPre13, DamageServerKeyShare) {
SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
server_->SetPacketFilter(std::make_shared<TlsDheServerKeyExchangeDamager>());

ConnectExpectFail();
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);

client_->CheckErrorCode(SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY);
server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
Expand Down Expand Up @@ -295,6 +295,11 @@ TEST_P(TlsDamageDHYTest, DamageServerY) {
server_->SetPacketFilter(
std::make_shared<TlsDheSkeChangeYServer>(change, true));

if (change == TlsDheSkeChangeY::kYZeroPad) {
ExpectAlert(client_, kTlsAlertDecryptError);
} else {
ExpectAlert(client_, kTlsAlertIllegalParameter);
}
ConnectExpectFail();
if (change == TlsDheSkeChangeY::kYZeroPad) {
// Zero padding Y only manifests in a signature failure.
Expand Down Expand Up @@ -327,6 +332,11 @@ TEST_P(TlsDamageDHYTest, DamageClientY) {
client_->SetPacketFilter(
std::make_shared<TlsDheSkeChangeYClient>(change, server_filter));

if (change == TlsDheSkeChangeY::kYZeroPad) {
ExpectAlert(server_, kTlsAlertDecryptError);
} else {
ExpectAlert(server_, kTlsAlertHandshakeFailure);
}
ConnectExpectFail();
if (change == TlsDheSkeChangeY::kYZeroPad) {
// Zero padding Y only manifests in a finished error.
Expand Down Expand Up @@ -385,7 +395,7 @@ TEST_P(TlsConnectGenericPre13, MakeDhePEven) {
EnableOnlyDheCiphers();
server_->SetPacketFilter(std::make_shared<TlsDheSkeMakePEven>());

ConnectExpectFail();
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);

client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE);
server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
Expand Down Expand Up @@ -416,7 +426,7 @@ TEST_P(TlsConnectGenericPre13, PadDheP) {
EnableOnlyDheCiphers();
server_->SetPacketFilter(std::make_shared<TlsDheSkeZeroPadP>());

ConnectExpectFail();
ConnectExpectAlert(client_, kTlsAlertDecryptError);

// In TLS 1.0 and 1.1, the client reports a device error.
if (version_ < SSL_LIBRARY_VERSION_TLS_1_2) {
Expand Down Expand Up @@ -475,7 +485,7 @@ TEST_P(TlsConnectTls13, NamedGroupMismatch13) {
server_->ConfigNamedGroups(server_groups);
client_->ConfigNamedGroups(client_groups);

ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
Expand All @@ -493,7 +503,7 @@ TEST_P(TlsConnectGenericPre13, RequireNamedGroupsMismatchPre13) {
server_->ConfigNamedGroups(server_groups);
client_->ConfigNamedGroups(client_groups);

ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
Expand Down Expand Up @@ -523,7 +533,7 @@ TEST_P(TlsConnectGenericPre13, MismatchDHE) {
EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(client_->ssl_fd(), clientGroups,
PR_ARRAY_SIZE(clientGroups)));

ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
Expand Down Expand Up @@ -607,7 +617,7 @@ TEST_P(TlsConnectGenericPre13, InvalidDERSignatureFfdhe) {
server_->SetPacketFilter(std::make_shared<TlsDheSkeChangeSignature>(
version_, kBogusDheSignature, sizeof(kBogusDheSignature)));

ConnectExpectFail();
ConnectExpectAlert(client_, kTlsAlertDecryptError);
client_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
}

Expand Down
10 changes: 5 additions & 5 deletions gtests/ssl_gtest/ssl_ecdh_unittest.cc
View file
Expand Up @@ -228,7 +228,7 @@ TEST_P(TlsConnectGenericPre13, DropSupportedGroupExtensionP256) {
auto group_capture = std::make_shared<TlsKeyExchangeGroupCapture>();
server_->SetPacketFilter(group_capture);

ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertDecryptError);
client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);

Expand All @@ -240,7 +240,7 @@ TEST_P(TlsConnectTls13, DropSupportedGroupExtension) {
EnsureTlsSetup();
client_->SetPacketFilter(
std::make_shared<TlsExtensionDropper>(ssl_supported_groups_xtn));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertMissingExtension);
client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENSION_ALERT);
server_->CheckErrorCode(SSL_ERROR_MISSING_SUPPORTED_GROUPS_EXTENSION);
}
Expand Down Expand Up @@ -485,7 +485,7 @@ TEST_P(TlsConnectGeneric, P256ClientAndCurve25519Server) {
client_->ConfigNamedGroups(client_groups);
server_->ConfigNamedGroups(server_groups);

ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
Expand Down Expand Up @@ -562,14 +562,14 @@ class ECCServerKEXFilter : public TlsHandshakeFilter {
TEST_P(TlsConnectGenericPre13, ConnectECDHEmptyServerPoint) {
// add packet filter
server_->SetPacketFilter(std::make_shared<ECCServerKEXFilter>());
ConnectExpectFail();
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH);
}

TEST_P(TlsConnectGenericPre13, ConnectECDHEmptyClientPoint) {
// add packet filter
client_->SetPacketFilter(std::make_shared<ECCClientKEXFilter>());
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH);
}

Expand Down
6 changes: 1 addition & 5 deletions gtests/ssl_gtest/ssl_ems_unittest.cc
View file
Expand Up @@ -79,11 +79,7 @@ TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretResumeWithout) {

Reset();
server_->EnableExtendedMasterSecret();
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
server_->SetPacketFilter(alert_recorder);
ConnectExpectFail();
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(kTlsAlertHandshakeFailure, alert_recorder->description());
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
}

TEST_P(TlsConnectGenericPre13, ConnectNormalResumeWithExtendedMasterSecret) {
Expand Down

0 comments on commit 49e0d7f

Please sign in to comment.