From dc96744fa990096827013b1bfc7ebbff751b9f13 Mon Sep 17 00:00:00 2001 From: Clide Stefani Date: Tue, 11 Jun 2024 14:42:13 -0400 Subject: [PATCH] crypto/tls: add support for -reject-alpn and -decline-alpn flags to bogo_shim_test The existing implementation of bogo_shim_test does not support tests which use the reject-alpn or the decline-alpn flag. This change adds support for these flags in bogo_shim_test. Updates #51434 Updates #46310 Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest Change-Id: I3ff23ff4edd8f4c6c37ee6c9f2ee4689066c4e00 Reviewed-on: https://go-review.googlesource.com/c/go/+/592198 Reviewed-by: Roland Shoemaker Reviewed-by: David Chase Auto-Submit: Roland Shoemaker LUCI-TryBot-Result: Go LUCI --- bogo_shim_test.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/bogo_shim_test.go b/bogo_shim_test.go index 2d8100d..38087d2 100644 --- a/bogo_shim_test.go +++ b/bogo_shim_test.go @@ -75,6 +75,8 @@ var ( advertiseALPN = flag.String("advertise-alpn", "", "") expectALPN = flag.String("expect-alpn", "", "") + rejectALPN = flag.Bool("reject-alpn", false, "") + declineALPN = flag.Bool("decline-alpn", false, "") hostName = flag.String("host-name", "", "") @@ -126,6 +128,14 @@ func bogoShim() { } } + if *rejectALPN { + cfg.NextProtos = []string{"unnegotiableprotocol"} + } + + if *declineALPN { + cfg.NextProtos = []string{} + } + if *hostName != "" { cfg.ServerName = *hostName } @@ -256,6 +266,9 @@ func bogoShim() { if *expectVersion != 0 && cs.Version != uint16(*expectVersion) { log.Fatalf("expected ssl version %q, got %q", uint16(*expectVersion), cs.Version) } + if *declineALPN && cs.NegotiatedProtocol != "" { + log.Fatal("unexpected ALPN protocol") + } if *expectECHAccepted && !cs.ECHAccepted { log.Fatal("expected ECH to be accepted, but connection state shows it was not") } else if i == 0 && *onInitialExpectECHAccepted && !cs.ECHAccepted {