From 77dfe50da7bec1014927228497e17e3052a417c4 Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk <bkaduk@akamai.com>
Date: Mon, 11 May 2020 13:26:07 -0700
Subject: QUIC: Test KeyUpdate rejection

For now, just test that we don't generate any, since we don't really
expose the mechanics for encrypting one and the QUIC API is not
integrated into the TLSProxy setup.

(cherry picked from commit 67ac3a279919142b198f7bd4c69963fd60de6ecf)
---
 test/sslapitest.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index bf7088adf7..c82cd73c0a 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -7408,6 +7408,17 @@ static int test_quic_api(void)
             || !TEST_true(SSL_process_quic_post_handshake(clientssl)))
         goto end;
 
+    /* Dummy handshake call should succeed */
+    if (!TEST_true(SSL_do_handshake(clientssl)))
+        goto end;
+    /* Test that we (correctly) fail to send KeyUpdate */
+    if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED))
+            || !TEST_int_le(SSL_do_handshake(clientssl), 0))
+        goto end;
+    if (!TEST_true(SSL_key_update(serverssl, SSL_KEY_UPDATE_NOT_REQUESTED))
+            || !TEST_int_le(SSL_do_handshake(serverssl), 0))
+        goto end;
+
     testresult = 1;
 
 end:
-- 
2.35.3