-
Notifications
You must be signed in to change notification settings - Fork 4.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tls_inspector: Fix invalid ALPN extension in test (#34300)
This commit stops generateClientHelloFromJA3Fingerprint() generating client hellos containing an invalid ALPN extension. It also updates relevant tls_inspector_test functions to check the ALPN value, if expected. When the generateClientHelloFromJA3Fingerprint() function was asked to include an ALPN extension (16) in the generated client hello, it was generating a default empty extension with the correct id (16) but a zero length. While this is technically a valid extension, it is not a valid ALPN extension, which must include a list of the client's preferred protocol(s). This was causing test failures in the envoy-openssl repo because OpenSSL responds to the malformed ALPN extension by sending a TLS alert 50 (Decode Error) which causes many of the tls_inspector_test functions to fail. Signed-off-by: Ted Poole <[email protected]>
- Loading branch information
Showing
2 changed files
with
24 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters