fix NpnTestNoOverlap SSL test with OpenSSL 1.0.2g

Summary: Update NextProtocolTest.NpnTestNoOverlap to work with OpenSSL 1.0.2g. The test previously had a comment explicitly indicating that it did not work with this version of OpenSSL. Reviewed By: anirudhvr Differential Revision: D6843334 fbshipit-source-id: 2c179597e5b48b5284601ca84299da8b9a9c0e62

fix NpnTestNoOverlap SSL test with OpenSSL 1.0.2g
Summary: Update NextProtocolTest.NpnTestNoOverlap to work with OpenSSL 1.0.2g. The test previously had a comment explicitly indicating that it did not work with this version of OpenSSL. Reviewed By: anirudhvr Differential Revision: D6843334 fbshipit-source-id: 2c179597e5b48b5284601ca84299da8b9a9c0e62
bfed8ebb · Adam Simpkins · Facebook Github Bot · aaf79543 · bfed8ebb
Commit bfed8ebb authored Jan 30, 2018 by Adam Simpkins Committed by Facebook Github Bot Jan 30, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 9 deletions

folly/io/async/test/AsyncSSLSocketTest.cpp folly/io/async/test/AsyncSSLSocketTest.cpp +12 -9

No files found.
--- a/folly/io/async/test/AsyncSSLSocketTest.cpp
+++ b/folly/io/async/test/AsyncSSLSocketTest.cpp
@@ -544,8 +544,6 @@ TEST_P(NextProtocolMismatchTest, NpnAlpnTestNoOverlap) {
      {SSLContext::NextProtocolType::NPN, SSLContext::NextProtocolType::NPN});
 }

-// Note: the behavior changed in the ANY/ANY case in OpenSSL 1.0.2h, this test
-// will fail on 1.0.2 before that.
 TEST_P(NextProtocolTest, NpnTestNoOverlap) {
  clientCtx->setAdvertisedNextProtocols({"blub"}, GetParam().first);
  serverCtx->setAdvertisedNextProtocols(
@@ -559,22 +557,27 @@ TEST_P(NextProtocolTest, NpnTestNoOverlap) {
    // on all OpenSSL versions/variants, and we want to know if it changes.
    expectNoProtocol();
  }
-#if FOLLY_OPENSSL_IS_110 || defined(OPENSSL_IS_BORINGSSL)
  else if (
      GetParam().first == SSLContext::NextProtocolType::ANY &&
      GetParam().second == SSLContext::NextProtocolType::ANY) {
 #if FOLLY_OPENSSL_IS_110
-    // OpenSSL 1.1.0 sends a fatal alert on mismatch, which is probavbly the
+    // OpenSSL 1.1.0 sends a fatal alert on mismatch, which is probably the
    // correct behavior per RFC7301
    expectHandshakeError();
 #else
-    // BoringSSL also doesn't fatal on mismatch but behaves slightly differently
-    // from OpenSSL 1.0.2h+ - it doesn't select a protocol if both ends support
-    // NPN *and* ALPN
-    expectNoProtocol();
+    // Behavior varies for other OpenSSL versions.
+    expectHandshakeSuccess();
+    if (client->nextProtoLength == 0) {
+      // BoringSSL and OpenSSL 1.0.2 before 1.0.2h
+      expectNoProtocol();
+    } else {
+      // OpenSSL 1.0.2h+
+      expectProtocol("blub");
+      expectProtocolType({SSLContext::NextProtocolType::NPN,
+                          SSLContext::NextProtocolType::NPN});
+    }
 #endif
  }
-#endif
  else {
    expectProtocol("blub");
    expectProtocolType(