From 018feb90c2269a29f4ee46c073afc4a5536aea04 Mon Sep 17 00:00:00 2001
From: Tommi
Date: Fri, 29 Mar 2024 20:15:47 +0100
Subject: [PATCH] Fix OpenSSLStreamAdapter tests when openssl is boringssl
This is a follow-up to: https://webrtc-review.googlesource.com/c/src/+/318640 The problem was that the scoped field trials in the tests only applied to the construction of the streams, not the handshake. Note, although the changes are in OpenSSLStreamAdapter, this CL actually fixes the SSLStreamAdapterTestDTLSExtensionPermutation tests in rtc_base/ssl_stream_adapter_unittest.cc.
Bug: webrtc:15467
Change-Id: I25cdd758aab1bc67fd7a6a61c956c6d52f82e3d1
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/344762
Commit-Queue: Tomas Gunnarsson
Reviewed-by: Harald Alvestrand
Cr-Commit-Position: refs/heads/main@{#41976}
---
 rtc_base/openssl_stream_adapter.cc | 7 +++++--
 rtc_base/openssl_stream_adapter.h | 4 ++++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc
index 9642674d45..e2c242bf0e 100644
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@@ -290,6 +290,10 @@ OpenSSLStreamAdapter::OpenSSLStreamAdapter(
 ssl_write_needs_read_(false),
 ssl_(nullptr),
 ssl_ctx_(nullptr),
+#ifdef OPENSSL_IS_BORINGSSL
+ permute_extension_(
+ webrtc::field_trial::IsEnabled("WebRTC-PermuteTlsClientHello")),
+#endif
 ssl_mode_(SSL_MODE_TLS),
 ssl_max_version_(SSL_PROTOCOL_TLS_12) {
 stream_->SignalEvent.connect(this, &OpenSSLStreamAdapter::OnEvent);
@@ -1069,8 +1073,7 @@ SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
 }
 #ifdef OPENSSL_IS_BORINGSSL
- SSL_CTX_set_permute_extensions(
- ctx, webrtc::field_trial::IsEnabled("WebRTC-PermuteTlsClientHello"));
+ SSL_CTX_set_permute_extensions(ctx, permute_extension_);
 #endif
 return ctx;
diff --git a/rtc_base/openssl_stream_adapter.h b/rtc_base/openssl_stream_adapter.h
index 34cadeb06c..3ef1363ed5 100644
--- a/rtc_base/openssl_stream_adapter.h
+++ b/rtc_base/openssl_stream_adapter.h
@@ -223,6 +223,10 @@ class OpenSSLStreamAdapter final : public SSLStreamAdapter,
 // Our key and certificate.
 #ifdef OPENSSL_IS_BORINGSSL
 std::unique_ptr identity_;
+ // We check and store the `WebRTC-PermuteTlsClientHello` field trial config in
+ // the constructor for convenience to allow tests to apply different
+ // configurations across instances.
+ const bool permute_extension_;
 #else
 std::unique_ptr identity_;
 #endif
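Review bot: `permute_extension_` is declared inside the `#ifdef OPENSSL_IS_BORINGSSL` branch that selects the type of `identity_`, directly under the `// Our key and certificate.` comment, so an unrelated TLS ClientHello setting now reads as part of the identity member. It would be clearer in its own `#ifdef OPENSSL_IS_BORINGSSL` block after the existing `#endif`, with a comment that states the behaviour rather than the test motivation, e.g. `// Latched from the WebRTC-PermuteTlsClientHello field trial at construction; SetupSSLContext() uses this value, not the trial state at handshake time.` The constructor hunk in openssl_stream_adapter.cc initializes the member between `ssl_ctx_` and `ssl_mode_`; members are initialized in declaration order and the declarations of those two are outside this hunk, so it is worth confirming the initializer list still matches the declaration order to avoid a -Wreorder warning. The class body continues outside the hunk.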