deps: cherry-pick akamai/openssl/commit/a5a08cb8050bb69120e833456e355…

…f482e392456 Original Commit Message: Test KeyUpdate rejection For now, just test that we don't generate any, since we don't really expose the mechanics for encrypting one and the QUIC API is not integrated into the TLSProxy setup. PR-URL: #34033 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
nodejs · Jun 24, 2020 · c3d85b7 · c3d85b7
1 parent bad1a15
commit c3d85b7
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/deps/openssl/openssl/test/sslapitest.c b/deps/openssl/openssl/test/sslapitest.c
@@ -6591,6 +6591,17 @@ static int test_quic_api(void)
             || !TEST_true(SSL_process_quic_post_handshake(clientssl)))
         goto end;
 
+    /* Dummy handshake call should succeed */
+    if (!TEST_true(SSL_do_handshake(clientssl)))
+        goto end;
+    /* Test that we (correctly) fail to send KeyUpdate */
+    if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED))
+            || !TEST_int_le(SSL_do_handshake(clientssl), 0))
+        goto end;
+    if (!TEST_true(SSL_key_update(serverssl, SSL_KEY_UPDATE_NOT_REQUESTED))
+            || !TEST_int_le(SSL_do_handshake(serverssl), 0))
+        goto end;
+
     testresult = 1;
 
 end: