diff --git a/src/crypto/tls/bogo_config.json b/src/crypto/tls/bogo_config.json
index b88201a4575..8276d08d351 100644
--- a/src/crypto/tls/bogo_config.json
+++ b/src/crypto/tls/bogo_config.json
@@ -66,20 +66,13 @@
 "SupportTicketsWithSessionID": "We don't support session ID resumption",
 "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
 "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
- "DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
- "DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed",
 "UnsolicitedServerNameAck-TLS-TLS1": "TODO: first pass, this should be fixed",
 "TicketSessionIDLength-33-TLS-TLS1": "TODO: first pass, this should be fixed",
- "DuplicateExtensionServer-TLS-TLS11": "TODO: first pass, this should be fixed",
- "DuplicateExtensionClient-TLS-TLS11": "TODO: first pass, this should be fixed",
 "UnsolicitedServerNameAck-TLS-TLS11": "TODO: first pass, this should be fixed",
 "TicketSessionIDLength-33-TLS-TLS11": "TODO: first pass, this should be fixed",
- "DuplicateExtensionServer-TLS-TLS12": "TODO: first pass, this should be fixed",
- "DuplicateExtensionClient-TLS-TLS12": "TODO: first pass, this should be fixed",
 "UnsolicitedServerNameAck-TLS-TLS12": "TODO: first pass, this should be fixed",
 "TicketSessionIDLength-33-TLS-TLS12": "TODO: first pass, this should be fixed",
 "DuplicateExtensionClient-TLS-TLS13": "TODO: first pass, this should be fixed",
- "DuplicateExtensionServer-TLS-TLS13": "TODO: first pass, this should be fixed",
 "UnsolicitedServerNameAck-TLS-TLS13": "TODO: first pass, this should be fixed",
 "RenegotiationInfo-Forbidden-TLS13": "TODO: first pass, this should be fixed",
 "EMS-Forbidden-TLS13": "TODO: first pass, this should be fixed",
diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
index 141175c801e..cd9b9778fd7 100644
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@@ -1179,7 +1179,7 @@ func (c *Conn) unmarshalHandshakeMessage(data []byte, transcript transcriptHash)
 data = append([]byte(nil), data...)
 if !m.unmarshal(data) {
- return nil, c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage))
+ return nil, c.in.setErrorLocked(c.sendAlert(alertDecodeError))
 }
 if transcript != nil {
diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go
index c72974ef951..a6d64a506a0 100644
--- a/src/crypto/tls/handshake_server_test.go
+++ b/src/crypto/tls/handshake_server_test.go
@@ -157,7 +157,7 @@ func TestRejectSNIWithTrailingDot(t *testing.T) {
 vers: VersionTLS12,
 random: make([]byte, 32),
 serverName: "foo.com.",
- }, "unexpected message")
+ }, "decoding message")
 }
 func TestDontSelectECDSAWithRSAKey(t *testing.T) {
diff --git a/src/crypto/tls/quic_test.go b/src/crypto/tls/quic_test.go
index ba75101dd5c..51cd4ef765d 100644
--- a/src/crypto/tls/quic_test.go
+++ b/src/crypto/tls/quic_test.go
@@ -9,6 +9,7 @@ import (
 "context"
 "errors"
 "reflect"
+ "strings"
 "testing"
 )
@@ -308,11 +309,11 @@ func TestQUICPostHandshakeKeyUpdate(t *testing.T) {
 if err != nil {
 t.Fatal(err)
 }
- if err := cli.conn.HandleData(QUICEncryptionLevelApplication, append([]byte{
- byte(typeKeyUpdate),
- byte(0), byte(0), byte(len(keyUpdateBytes)),
- }, keyUpdateBytes...)); !errors.Is(err, alertUnexpectedMessage) {
- t.Fatalf("key update request: got error %v, want alertUnexpectedMessage", err)
+ expectedErr := "unexpected key update message"
+ if err = cli.conn.HandleData(QUICEncryptionLevelApplication, keyUpdateBytes); err == nil {
+ t.Fatalf("key update request: expected error from post-handshake key update, got nil")
+ } else if !strings.Contains(err.Error(), expectedErr) {
+ t.Fatalf("key update request: got error %v, expected substring %q", err, expectedErr)
 }
 }
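Review bot: The new `alertDecodeError` return in `unmarshalHandshakeMessage` carries no comment explaining the choice, and because `m.unmarshal` only returns a bool, every parse failure (wrong length and rejected field values alike) now maps to the same alert. I would add `// RFC 8446, Section 6.2: a message that cannot be parsed is a decode_error; unexpected_message is for an inappropriate message type.` above the return. The updated expectation in handshake_server_test.go shows a trailing-dot SNI is now reported as "decoding message", so peers and log-based detections keyed on the old alert will see different output; that deserves a line in the commit description. The function's body starts and ends outside the hunk.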
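Review bot: The rewritten assertion in `TestQUICPostHandshakeKeyUpdate` matches only on message text, so it no longer pins which alert the connection reports; the removed check used `errors.Is(err, alertUnexpectedMessage)`. If the error returned by `HandleData` still wraps the alert (not visible in this hunk), keep that check alongside the substring match, for example `} else if !errors.Is(err, alertUnexpectedMessage) || !strings.Contains(err.Error(), expectedErr) {`. The call also now passes `keyUpdateBytes` without the hand-built type-and-length prefix, presumably because the marshalled message already includes its header; a short comment such as `// keyUpdateBytes already includes the handshake header` would record why the old input was rejected earlier than intended. The test function begins outside the hunk.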