author | Jack Lloyd <[email protected]> | 2021-04-01 14:17:28 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2021-04-01 14:17:28 -0400 |
commit | b5d27c7f79a6afcd2a7aaa9dc1feee4c37092165 (patch) | |
tree | 4d313811f8abe8ef88987e04b999b370770982da /src | |
parent | 910cc6c675da0adcc44073c8a3d102e10acde70b (diff) |
Update BoringSSL tests to latest version
Diffstat (limited to 'src')
-rw-r--r-- | src/bogo_shim/bogo_shim.cpp | 8 | ||||
-rw-r--r-- | src/bogo_shim/config.json | 3 | ||||
-rwxr-xr-x | src/scripts/ci/setup_gh_actions.sh | 2 |
3 files changed, 10 insertions, 3 deletions
diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp
index f4b67d5a4..34a4b33e0 100644
--- a/src/bogo_shim/bogo_shim.cpp
+++ b/src/bogo_shim/bogo_shim.cpp
@@ -142,6 +142,7 @@ std::string map_to_bogo_error(const std::string& e)
 { "Received handshake data after connection closure", ":NO_RENEGOTIATION:" },
 { "Received unexpected record version in initial record", ":WRONG_VERSION_NUMBER:" },
 { "Received unexpected record version", ":WRONG_VERSION_NUMBER:" },
+ { "Rejecting ALPN request with alert", ":NO_APPLICATION_PROTOCOL:" },
 { "Server attempting to negotiate SSLv3 which is not supported", ":UNSUPPORTED_PROTOCOL:" },
 { "Server certificate changed during renegotiation", ":SERVER_CERT_CHANGED:" },
 { "Server changed its mind about extended master secret", ":RENEGOTIATION_EMS_MISMATCH:" },
@@ -616,6 +617,7 @@ std::unique_ptr<Shim_Arguments> parse_options(char* argv[])
 //"partial-write",
 //"peek-then-read",
 //"read-with-unfinished-write",
+ "reject-alpn",
 "renegotiate-freely",
 "renegotiate-ignore",
 "renegotiate-once",
@@ -1359,6 +1361,10 @@ class Shim_Callbacks final : public Botan::TLS::Callbacks
 if(client_protos.empty())
 return ""; // shouldn't happen?
+ if(m_args.flag_set("reject-alpn"))
+ throw Botan::TLS::TLS_Exception(Botan::TLS::Alert::NO_APPLICATION_PROTOCOL,
+ "Rejecting ALPN request with alert");
+
 if(m_args.flag_set("decline-alpn"))
 return "";
@@ -1575,7 +1581,7 @@ int main(int /*argc*/, char* argv[])
 shim_log("Offering " + offer_version.to_string());
 std::string host_name = args->get_string_opt_or_else("host-name", "localhost");
- if(args->test_name().find("UnsolicitedServerNameAck-TLS1") == 0)
+ if(args->test_name().find("UnsolicitedServerNameAck") == 0)
 host_name = ""; // avoid sending SNI for this test
 Botan::TLS::Server_Information server_info(host_name, port);
diff --git a/src/bogo_shim/config.json b/src/bogo_shim/config.json
index d8f3f6345..8c5c4b1c6 100644
--- a/src/bogo_shim/config.json
+++ b/src/bogo_shim/config.json
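Review bot: In the `Shim_Callbacks` hunk (`@@ -1359,6 +1361,10 @@`) the text `"Rejecting ALPN request with alert"` is written a second time in the `map_to_bogo_error` hunk, and that table appears to be matched against the exception message, so editing either copy would stop the shim from reporting `:NO_APPLICATION_PROTOCOL:` with no compile-time signal. A comment on the throw would make the link visible, for example `// message text must match the entry in map_to_bogo_error()`. The new check also sits ahead of `decline-alpn`, so `reject-alpn` wins when both flags are set, and behind the `client_protos.empty()` return, so no alert is raised when the client offered nothing; both orderings deserve a word in the same comment. The callback body starts and ends outside the hunk.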
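Review bot: In `main` (`@@ -1575,7 +1581,7 @@`) the shortened prefix now clears `host_name` for every test whose name begins with `UnsolicitedServerNameAck`, so the adjacent comment "for this test" no longer describes the condition; `// avoid sending SNI for the UnsolicitedServerNameAck* tests` would match the new behaviour. As a point of style, `find(...) == 0` is being used as a prefix test but keeps scanning the whole name when the prefix is absent; assuming `test_name()` returns a `std::string`, `args->test_name().rfind("UnsolicitedServerNameAck", 0) == 0` states the intent directly. `main` continues outside the hunk.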
@@ -27,6 +27,7 @@
 "Resume-Server-OmitPSKsOnSecondClientHello": "No TLS 1.3",
 "PartialServerHelloWithHelloRetryRequest": "No TLS 1.3",
 "PartialClientFinishedWithSecondClientHello": "No TLS 1.3",
+ "ECH*": "No ECH support",
 "DuplicateCertCompressionExt*": "No support for 1.3 cert compression extension",
@@ -56,7 +57,7 @@
 "*SignedCertificateTimestamp*": "No support for SCT",
 "*SCT*": "No support for SCT",
 "Renegotiation-ChangeAuthProperties": "No support for SCT",
- "UnsolicitedCertificateExtensions-TLS*": "No support for SCT",
+ "UnsolicitedCertificateExtensions-*": "No support for SCT",
 "CertificateVerificationSoftFail*": "Fail, but don't fail... wtf?",
diff --git a/src/scripts/ci/setup_gh_actions.sh b/src/scripts/ci/setup_gh_actions.sh
index 6077e2454..d43c6557b 100755
--- a/src/scripts/ci/setup_gh_actions.sh
+++ b/src/scripts/ci/setup_gh_actions.sh
@@ -53,7 +53,7 @@ if type -p "apt-get"; then
 pip install --user codecov
 echo "$HOME/.local/bin" >> "$GITHUB_PATH"
- git clone --depth 1 --branch jack/runner-20201201 https://github.com/randombit/boringssl.git
+ git clone --depth 1 --branch jack/runner-20210401 https://github.com/randombit/boringssl.git
 sudo chgrp -R "$(id -g)" /var/lib/softhsm/ /etc/softhsm
 sudo chmod g+w /var/lib/softhsm/tokens |