From 863b72b3a8a1e542afc537106448e0fa89fca4b1 Mon Sep 17 00:00:00 2001
From: BiagioFesta <15035284+BiagioFesta@users.noreply.github.com>
Date: Thu, 28 Apr 2022 15:49:23 +0200
Subject: [PATCH] ssl/test: fix UT expectations accordingly with boringssl
 change

- boringssl fix:
https://boringssl.googlesource.com/boringssl/+/c02c19e0d842f54d903a9b62316476f4b9c4e3f0

- Now ALPN validation with SSL_TLSEXT_ERR_ALERT_FATAL makes the server
abort the handshake with an alarm. UT now correctly asserts
connection error on both client and server side.
---
 boring/src/ssl/test/mod.rs | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/boring/src/ssl/test/mod.rs b/boring/src/ssl/test/mod.rs
index 137411f1..5066a2e6 100644
--- a/boring/src/ssl/test/mod.rs
+++ b/boring/src/ssl/test/mod.rs
@@ -444,17 +444,23 @@ fn test_alpn_server_advertise_multiple() {
 #[test]
 fn test_alpn_server_select_none_fatal() {
     let mut server = Server::builder();
-    // NOTE: in Boring all alpn errors are treated as SSL_TLSEXT_ERR_NOACK
     server.ctx().set_alpn_select_callback(|_, client| {
         ssl::select_next_proto(b"\x08http/1.1\x08spdy/3.1", client)
             .ok_or(ssl::AlpnError::ALERT_FATAL)
     });
+    #[cfg(not(feature = "fips"))]
+    server.should_error();
     let server = server.build();
 
     let mut client = server.client();
     client.ctx().set_alpn_protos(b"\x06http/2").unwrap();
-    let s = client.connect();
-    assert_eq!(None, s.ssl().selected_alpn_protocol());
+
+    if cfg!(feature = "fips") {
+        let s = client.connect();
+        assert_eq!(None, s.ssl().selected_alpn_protocol());
+    } else {
+        client.connect_err();
+    }
 }
 
 #[test]