From 47d87740ae953c740da9f54ca5bde2bc4f53aedb Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Sun, 1 Oct 2017 11:52:57 +0700 Subject: [PATCH] add an integration test for invalid certificates --- integrationtests/self/handshake_rtt_test.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/integrationtests/self/handshake_rtt_test.go b/integrationtests/self/handshake_rtt_test.go index af900feb1..c2223f08c 100644 --- a/integrationtests/self/handshake_rtt_test.go +++ b/integrationtests/self/handshake_rtt_test.go @@ -149,4 +149,15 @@ var _ = Describe("Handshake RTT tests", func() { // plus 1 RTT: the timer starts 0.5 RTTs after sending the first packet, and the CONNECTION_CLOSE needs another 0.5 RTTs to reach the client expectDurationInRTTs(3) }) + + It("errors when the client doesn't accept the certificate", func() { + // don't validate the client's address, send the certificate in the first flight + serverConfig.AcceptCookie = func(_ net.Addr, _ *quic.Cookie) bool { + return true + } + runServerAndProxy() + _, err := quic.DialAddr(proxy.LocalAddr().String(), nil, nil) + Expect(err).To(MatchError(qerr.ProofInvalid)) + expectDurationInRTTs(1) + }) })