From c3d85b7637fdd87cfee52d50286ce9036a6f1bc2 Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk <bkaduk@akamai.com>
Date: Mon, 11 May 2020 13:26:07 -0700
Subject: [PATCH] deps: cherry-pick
 akamai/openssl/commit/a5a08cb8050bb69120e833456e355f482e392456

Original Commit Message:

  Test KeyUpdate rejection

  For now, just test that we don't generate any, since we don't really
  expose the mechanics for encrypting one and the QUIC API is not
  integrated into the TLSProxy setup.

PR-URL: https://github.com/nodejs/node/pull/34033
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
---
 deps/openssl/openssl/test/sslapitest.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/deps/openssl/openssl/test/sslapitest.c b/deps/openssl/openssl/test/sslapitest.c
index fa38c8819bf37e..3a5d1c99e48b49 100644
--- a/deps/openssl/openssl/test/sslapitest.c
+++ b/deps/openssl/openssl/test/sslapitest.c
@@ -6591,6 +6591,17 @@ static int test_quic_api(void)
             || !TEST_true(SSL_process_quic_post_handshake(clientssl)))
         goto end;
 
+    /* Dummy handshake call should succeed */
+    if (!TEST_true(SSL_do_handshake(clientssl)))
+        goto end;
+    /* Test that we (correctly) fail to send KeyUpdate */
+    if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED))
+            || !TEST_int_le(SSL_do_handshake(clientssl), 0))
+        goto end;
+    if (!TEST_true(SSL_key_update(serverssl, SSL_KEY_UPDATE_NOT_REQUESTED))
+            || !TEST_int_le(SSL_do_handshake(serverssl), 0))
+        goto end;
+
     testresult = 1;
 
 end: