summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKenny Root <kroot@google.com>2016-01-06 10:02:28 -0800
committerKenny Root <kroot@google.com>2016-01-06 10:45:16 -0800
commite7bdc26218b2f0fa323778de1ff1449f4c5f5a52 (patch)
tree764b1a38912f323e27d42303ddb8eee7981e37ff
parentc547ad05a040b638ef7d72acf118217d573e9d71 (diff)
downloadlibcore-e7bdc26218b2f0fa323778de1ff1449f4c5f5a52.zip
libcore-e7bdc26218b2f0fa323778de1ff1449f4c5f5a52.tar.gz
libcore-e7bdc26218b2f0fa323778de1ff1449f4c5f5a52.tar.bz2
Check for RFC 5746 TLS extension
RFC 5746 allows you to either include a signaling cipher suite or a TLS extension. However, since TLS API has no way to indicate or check that a certain TLS extension is used, we insert it into the cipher suites we see to check against the enabled cipher suites. (cherry picked from commit 81885494e46596c796cdcb5037b91d92915b65a7) Bug: 24602368 Change-Id: I06422b9a90f47bb5ffa10ef614233d856773d336
-rw-r--r--luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java18
-rw-r--r--support/src/test/java/libcore/tlswire/handshake/HelloExtension.java3
2 files changed, 19 insertions, 2 deletions
diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
index bf2d0f8..11dfb3d 100644
--- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
+++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
@@ -1559,7 +1559,23 @@ public class SSLSocketTest extends TestCase {
@Override
public void run(SSLSocketFactory sslSocketFactory) throws Exception {
ClientHello clientHello = captureTlsHandshakeClientHello(sslSocketFactory);
- String[] cipherSuites = new String[clientHello.cipherSuites.size()];
+ final String[] cipherSuites;
+
+ // RFC 5746 allows you to send an empty "renegotiation_info" extension *or*
+ // a special signaling cipher suite. The TLS API has no way to check or
+ // indicate that a certain TLS extension should be used.
+ HelloExtension renegotiationInfoExtension = clientHello.findExtensionByType(
+ HelloExtension.TYPE_RENEGOTIATION_INFO);
+ if (renegotiationInfoExtension != null &&
+ renegotiationInfoExtension.data.length == 1 &&
+ renegotiationInfoExtension.data[0] == 0) {
+ cipherSuites = new String[clientHello.cipherSuites.size() + 1];
+ cipherSuites[clientHello.cipherSuites.size()] =
+ StandardNames.CIPHER_SUITE_SECURE_RENEGOTIATION;
+ } else {
+ cipherSuites = new String[clientHello.cipherSuites.size()];
+ }
+
for (int i = 0; i < clientHello.cipherSuites.size(); i++) {
CipherSuite cipherSuite = clientHello.cipherSuites.get(i);
cipherSuites[i] = cipherSuite.getAndroidName();
diff --git a/support/src/test/java/libcore/tlswire/handshake/HelloExtension.java b/support/src/test/java/libcore/tlswire/handshake/HelloExtension.java
index 5741072..a648cdf 100644
--- a/support/src/test/java/libcore/tlswire/handshake/HelloExtension.java
+++ b/support/src/test/java/libcore/tlswire/handshake/HelloExtension.java
@@ -31,6 +31,7 @@ public class HelloExtension {
public static final int TYPE_SERVER_NAME = 0;
public static final int TYPE_PADDING = 21;
public static final int TYPE_SESSION_TICKET = 35;
+ public static final int TYPE_RENEGOTIATION_INFO = 65281;
private static final Map<Integer, String> TYPE_TO_NAME = new HashMap<Integer, String>();
static {
@@ -60,7 +61,7 @@ public class HelloExtension {
TYPE_TO_NAME.put(13172, "next_protocol_negotiation");
TYPE_TO_NAME.put(30031, "Channel ID (old)");
TYPE_TO_NAME.put(30032, "Channel ID (new)");
- TYPE_TO_NAME.put(65281, "renegotiation_info");
+ TYPE_TO_NAME.put(TYPE_RENEGOTIATION_INFO, "renegotiation_info");
}
public int type;