Revert of Allow the DTLS fingerprint verification to occur after the handshake.

webrtc/p2p/base/dtlstransportchannel_unittest.cc

 /*
  *  Copyright 2011 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 63 matching lines @@
     return certificate_;
   }
   void SetupSrtp() {
     ASSERT(certificate_);
     use_dtls_srtp_ = true;
   }
   void SetupMaxProtocolVersion(rtc::SSLProtocolVersion version) {
     ASSERT(!transport_);
     ssl_max_version_ = version;
   }
-  void SetupChannels(int count, cricket::IceRole role, int async_delay_ms = 0) {
+  void SetupChannels(int count, cricket::IceRole role) {
     transport_.reset(new cricket::DtlsTransport<cricket::FakeTransport>(
         "dtls content name", nullptr, certificate_));
     transport_->SetAsync(true);
-    transport_->SetAsyncDelay(async_delay_ms);
     transport_->SetIceRole(role);
     transport_->SetIceTiebreaker(
         (role == cricket::ICEROLE_CONTROLLING) ? 1 : 2);
 
     for (int i = 0; i < count; ++i) {
       cricket::DtlsTransportChannelWrapper* channel =
           static_cast<cricket::DtlsTransportChannelWrapper*>(
               transport_->CreateChannel(i));
       ASSERT_TRUE(channel != NULL);
       channel->SetSslMaxProtocolVersion(ssl_max_version_);
@@ skipping 14 matching lines @@
   cricket::Transport* transport() { return transport_.get(); }
 
   cricket::FakeTransportChannel* GetFakeChannel(int component) {
     cricket::TransportChannelImpl* ch = transport_->GetChannel(component);
     cricket::DtlsTransportChannelWrapper* wrapper =
         static_cast<cricket::DtlsTransportChannelWrapper*>(ch);
     return (wrapper) ?
         static_cast<cricket::FakeTransportChannel*>(wrapper->channel()) : NULL;
   }
 
-  cricket::DtlsTransportChannelWrapper* GetDtlsChannel(int component) {
-    cricket::TransportChannelImpl* ch = transport_->GetChannel(component);
-    return static_cast<cricket::DtlsTransportChannelWrapper*>(ch);
-  }
-
   // Offer DTLS if we have an identity; pass in a remote fingerprint only if
   // both sides support DTLS.
   void Negotiate(DtlsTestClient* peer, cricket::ContentAction action,
                  ConnectionRole local_role, ConnectionRole remote_role,
                  int flags) {
     Negotiate(certificate_, certificate_ ? peer->certificate_ : nullptr, action,
               local_role, remote_role, flags);
   }
 
   void MaybeSetSrtpCryptoSuites() {
@@ skipping 13 matching lines @@
       cricket::ContentAction action,
       ConnectionRole role,
       int flags) {
     // If |NF_EXPECT_FAILURE| is set, expect SRTD or SLTD to fail when
     // content action is CA_ANSWER.
     bool expect_success =
         !((action == cricket::CA_ANSWER) && (flags & NF_EXPECT_FAILURE));
     EXPECT_EQ(expect_success,
               transport_->SetLocalTransportDescription(
                   MakeTransportDescription(cert, role), action, nullptr));
+    set_local_cert_ = (cert != nullptr);
   }
 
   void SetRemoteTransportDescription(
       const rtc::scoped_refptr<rtc::RTCCertificate>& cert,
       cricket::ContentAction action,
       ConnectionRole role,
       int flags) {
     // If |NF_EXPECT_FAILURE| is set, expect SRTD or SLTD to fail when
     // content action is CA_ANSWER.
     bool expect_success =
         !((action == cricket::CA_ANSWER) && (flags & NF_EXPECT_FAILURE));
     EXPECT_EQ(expect_success,
               transport_->SetRemoteTransportDescription(
                   MakeTransportDescription(cert, role), action, nullptr));
+    set_remote_cert_ = (cert != nullptr);
   }
 
   // Allow any DTLS configuration to be specified (including invalid ones).
   void Negotiate(const rtc::scoped_refptr<rtc::RTCCertificate>& local_cert,
                  const rtc::scoped_refptr<rtc::RTCCertificate>& remote_cert,
                  cricket::ContentAction action,
                  ConnectionRole local_role,
                  ConnectionRole remote_role,
                  int flags) {
     if (!(flags & NF_REOFFER)) {
@@ skipping 41 matching lines @@
         return false;
       }
     }
     return true;
   }
 
   int received_dtls_client_hellos() const {
     return received_dtls_client_hellos_;
   }
 
-  int received_dtls_server_hellos() const {
-    return received_dtls_server_hellos_;
-  }
-
-  bool negotiated_dtls() const {
-    return transport_->local_description() &&
-           transport_->local_description()->identity_fingerprint &&
-           transport_->remote_description() &&
-           transport_->remote_description()->identity_fingerprint;
-  }
+  bool negotiated_dtls() const { return set_local_cert_ && set_remote_cert_; }
 
   void CheckRole(rtc::SSLRole role) {
     if (role == rtc::SSL_CLIENT) {
       ASSERT_EQ(0, received_dtls_client_hellos_);
       ASSERT_GT(received_dtls_server_hellos_, 0);
     } else {
       ASSERT_GT(received_dtls_client_hellos_, 0);
       ASSERT_EQ(0, received_dtls_server_hellos_);
     }
   }
@@ skipping 161 matching lines @@
 
  private:
   std::string name_;
   rtc::scoped_refptr<rtc::RTCCertificate> certificate_;
   std::unique_ptr<cricket::FakeTransport> transport_;
   std::vector<cricket::DtlsTransportChannelWrapper*> channels_;
   size_t packet_size_ = 0u;
   std::set<int> received_;
   bool use_dtls_srtp_ = false;
   rtc::SSLProtocolVersion ssl_max_version_ = rtc::SSL_PROTOCOL_DTLS_12;
+  bool set_local_cert_ = false;
+  bool set_remote_cert_ = false;
   int received_dtls_client_hellos_ = 0;
   int received_dtls_server_hellos_ = 0;
   rtc::SentPacket sent_packet_;
 };
 
-// Base class for DtlsTransportChannelTest and DtlsEventOrderingTest, which
-// inherit from different variants of testing::Test.
-//
 // Note that this test always uses a FakeClock, due to the |fake_clock_| member
 // variable.
-class DtlsTransportChannelTestBase {
+class DtlsTransportChannelTest : public testing::Test {
  public:
-  DtlsTransportChannelTestBase()
+  DtlsTransportChannelTest()
       : client1_("P1"),
         client2_("P2"),
         channel_ct_(1),
         use_dtls_(false),
         use_dtls_srtp_(false),
         ssl_expected_version_(rtc::SSL_PROTOCOL_DTLS_12) {}
 
   void SetChannelCount(size_t channel_ct) {
     channel_ct_ = static_cast<int>(channel_ct);
   }
@@ skipping 52 matching lines @@
           client2_.certificate(), cricket::CA_ANSWER, client2_role, 0);
       rv = client1_.Connect(&client2_, false);
       client1_.SetRemoteTransportDescription(
           client2_.certificate(), cricket::CA_ANSWER, client2_role, 0);
     }
 
     EXPECT_TRUE(rv);
     if (!rv)
       return false;
 
-    EXPECT_TRUE_SIMULATED_WAIT(
+    EXPECT_TRUE_WAIT(
         client1_.all_channels_writable() && client2_.all_channels_writable(),
-        kTimeout, fake_clock_);
+        kTimeout);
     if (!client1_.all_channels_writable() || !client2_.all_channels_writable())
       return false;
 
     // Check that we used the right roles.
     if (use_dtls_) {
       rtc::SSLRole client1_ssl_role =
           (client1_role == cricket::CONNECTIONROLE_ACTIVE ||
            (client2_role == cricket::CONNECTIONROLE_PASSIVE &&
             client1_role == cricket::CONNECTIONROLE_ACTPASS)) ?
               rtc::SSL_CLIENT : rtc::SSL_SERVER;
@@ skipping 70 matching lines @@
                          client2_role, client1_role, flags);
       client1_.Negotiate(&client2_, cricket::CA_ANSWER,
                          client1_role, client2_role, flags);
     }
   }
 
   void TestTransfer(size_t channel, size_t size, size_t count, bool srtp) {
     LOG(LS_INFO) << "Expect packets, size=" << size;
     client2_.ExpectPackets(channel, size);
     client1_.SendPackets(channel, size, count, srtp);
-    EXPECT_EQ_SIMULATED_WAIT(count, client2_.NumPacketsReceived(), kTimeout,
-                             fake_clock_);
+    EXPECT_EQ_WAIT(count, client2_.NumPacketsReceived(), kTimeout);
   }
 
  protected:
   rtc::ScopedFakeClock fake_clock_;
   DtlsTestClient client1_;
   DtlsTestClient client2_;
   int channel_ct_;
   bool use_dtls_;
   bool use_dtls_srtp_;
   rtc::SSLProtocolVersion ssl_expected_version_;
 };
 
-class DtlsTransportChannelTest : public DtlsTransportChannelTestBase,
-                                 public ::testing::Test {};
-
 // Test that transport negotiation of ICE, no DTLS works properly.
 TEST_F(DtlsTransportChannelTest, TestChannelSetupIce) {
   Negotiate();
   cricket::FakeTransportChannel* channel1 = client1_.GetFakeChannel(0);
   cricket::FakeTransportChannel* channel2 = client2_.GetFakeChannel(0);
   ASSERT_TRUE(channel1 != NULL);
   ASSERT_TRUE(channel2 != NULL);
   EXPECT_EQ(cricket::ICEROLE_CONTROLLING, channel1->GetIceRole());
   EXPECT_EQ(1U, channel1->IceTiebreaker());
   EXPECT_EQ(kIceUfrag1, channel1->ice_ufrag());
@@ skipping 263 matching lines @@
   MAYBE_SKIP_TEST(HaveDtlsSrtp);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   PrepareDtlsSrtp(true, true);
   Negotiate();
 
   Renegotiate(&client1_, cricket::CONNECTIONROLE_ACTPASS,
               cricket::CONNECTIONROLE_ACTIVE, NF_REOFFER);
   bool rv = client1_.Connect(&client2_, false);
   EXPECT_TRUE(rv);
-  EXPECT_TRUE_SIMULATED_WAIT(
+  EXPECT_TRUE_WAIT(
       client1_.all_channels_writable() && client2_.all_channels_writable(),
-      kTimeout, fake_clock_);
+      kTimeout);
 
   TestTransfer(0, 1000, 100, true);
   TestTransfer(1, 1000, 100, true);
 }
 
 // Test Certificates state after negotiation but before connection.
 TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) {
   MAYBE_SKIP_TEST(HaveDtls);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   Negotiate();
@@ skipping 34 matching lines @@
   ASSERT_TRUE(remote_cert1);
   ASSERT_EQ(remote_cert1->ToPEMString(),
             certificate2->ssl_certificate().ToPEMString());
   std::unique_ptr<rtc::SSLCertificate> remote_cert2 =
       client2_.transport()->GetRemoteSSLCertificate();
   ASSERT_TRUE(remote_cert2);
   ASSERT_EQ(remote_cert2->ToPEMString(),
             certificate1->ssl_certificate().ToPEMString());
 }
 
+// Test that DTLS completes promptly if a ClientHello is received before the
+// transport channel is writable (allowing a ServerHello to be sent).
+TEST_F(DtlsTransportChannelTest, TestReceiveClientHelloBeforeWritable) {
+  MAYBE_SKIP_TEST(HaveDtls);
+  PrepareDtls(true, true, rtc::KT_DEFAULT);
+  // Exchange transport descriptions.
+  Negotiate(cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTIVE);
+
+  // Make client2_ writable, but not client1_.
+  EXPECT_TRUE(client2_.Connect(&client1_, true));
+  EXPECT_TRUE_WAIT(client2_.all_raw_channels_writable(), kTimeout);
+
+  // Expect a DTLS ClientHello to be sent even while client1_ isn't writable.
+  EXPECT_EQ_WAIT(1, client1_.received_dtls_client_hellos(), kTimeout);
+  EXPECT_FALSE(client1_.all_raw_channels_writable());
+
+  // Now make client1_ writable and expect the handshake to complete
+  // without client2_ needing to retransmit the ClientHello.
+  EXPECT_TRUE(client1_.Connect(&client2_, true));
+  EXPECT_TRUE_WAIT(
+      client1_.all_channels_writable() && client2_.all_channels_writable(),
+      kTimeout);
+  EXPECT_EQ(1, client1_.received_dtls_client_hellos());
+}
+
+// Test that DTLS completes promptly if a ClientHello is received before the
+// transport channel has a remote fingerprint (allowing a ServerHello to be
+// sent).
+TEST_F(DtlsTransportChannelTest,
+       TestReceiveClientHelloBeforeRemoteFingerprint) {
+  MAYBE_SKIP_TEST(HaveDtls);
+  PrepareDtls(true, true, rtc::KT_DEFAULT);
+  client1_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLING);
+  client2_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLED);
+
+  // Make client2_ writable and give it local/remote certs, but don't yet give
+  // client1_ a remote fingerprint.
+  client1_.transport()->SetLocalTransportDescription(
+      MakeTransportDescription(client1_.certificate(),
+                               cricket::CONNECTIONROLE_ACTPASS),
+      cricket::CA_OFFER, nullptr);
+  client2_.Negotiate(&client1_, cricket::CA_ANSWER,
+                     cricket::CONNECTIONROLE_ACTIVE,
+                     cricket::CONNECTIONROLE_ACTPASS, 0);
+  EXPECT_TRUE(client2_.Connect(&client1_, true));
+  EXPECT_TRUE_WAIT(client2_.all_raw_channels_writable(), kTimeout);
+
+  // Expect a DTLS ClientHello to be sent even while client1_ doesn't have a
+  // remote fingerprint.
+  EXPECT_EQ_WAIT(1, client1_.received_dtls_client_hellos(), kTimeout);
+  EXPECT_FALSE(client1_.all_raw_channels_writable());
+
+  // Now make give client1_ its remote fingerprint and make it writable, and
+  // expect the handshake to complete without client2_ needing to retransmit
+  // the ClientHello.
+  client1_.transport()->SetRemoteTransportDescription(
+      MakeTransportDescription(client2_.certificate(),
+                               cricket::CONNECTIONROLE_ACTIVE),
+      cricket::CA_ANSWER, nullptr);
+  EXPECT_TRUE(client1_.Connect(&client2_, true));
+  EXPECT_TRUE_WAIT(
+      client1_.all_channels_writable() && client2_.all_channels_writable(),
+      kTimeout);
+  EXPECT_EQ(1, client1_.received_dtls_client_hellos());
+}
+
 // Test that packets are retransmitted according to the expected schedule.
 // Each time a timeout occurs, the retransmission timer should be doubled up to
 // 60 seconds. The timer defaults to 1 second, but for WebRTC we should be
 // initializing it to 50ms.
 TEST_F(DtlsTransportChannelTest, TestRetransmissionSchedule) {
   MAYBE_SKIP_TEST(HaveDtls);
   // We can only change the retransmission schedule with a recently-added
   // BoringSSL API. Skip the test if not built with BoringSSL.
   MAYBE_SKIP_TEST(IsBoringSsl);
 
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   // Exchange transport descriptions.
   Negotiate(cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTIVE);
 
   // Make client2_ writable, but not client1_.
   // This means client1_ will send DTLS client hellos but get no response.
   EXPECT_TRUE(client2_.Connect(&client1_, true));
-  EXPECT_TRUE_SIMULATED_WAIT(client2_.all_raw_channels_writable(), kTimeout,
-                             fake_clock_);
+  EXPECT_TRUE_WAIT(client2_.all_raw_channels_writable(), kTimeout);
 
   // Wait for the first client hello to be sent.
   EXPECT_EQ_WAIT(1, client1_.received_dtls_client_hellos(), kTimeout);
   EXPECT_FALSE(client1_.all_raw_channels_writable());
 
   static int timeout_schedule_ms[] = {50,   100,  200,   400,   800,   1600,
                                       3200, 6400, 12800, 25600, 51200, 60000};
 
   int expected_hellos = 1;
   for (size_t i = 0;
@@ skipping 14 matching lines @@
 // Test that a DTLS connection can be made even if the underlying transport
 // is connected before DTLS fingerprints/roles have been negotiated.
 TEST_F(DtlsTransportChannelTest, TestConnectBeforeNegotiate) {
   MAYBE_SKIP_TEST(HaveDtls);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
                       cricket::CONNECTIONROLE_ACTIVE,
                       CONNECT_BEFORE_NEGOTIATE));
   TestTransfer(0, 1000, 100, false);
 }
-
-// The following events can occur in many different orders:
-// 1. Caller receives remote fingerprint.
-// 2. Caller is writable.
-// 3. Caller receives ClientHello.
-// 4. DTLS handshake finishes.
-//
-// The tests below cover all causally consistent permutations of these events;
-// the caller must be writable and receive a ClientHello before the handshake
-// finishes, but otherwise any ordering is possible.
-//
-// For each permutation, the test verifies that a connection is established and
-// fingerprint verified without any DTLS packet needing to be retransmitted.
-//
-// Each permutation is also tested with a valid and invalid fingerprint,
-// ensuring that the handshake fails with an invalid fingerprint.
-enum DtlsTransportEvent {
-  CALLER_RECEIVES_FINGERPRINT,
-  CALLER_WRITABLE,
-  CALLER_RECEIVES_CLIENTHELLO,
-  HANDSHAKE_FINISHES
-};
-
-class DtlsEventOrderingTest
-    : public DtlsTransportChannelTestBase,
-      public ::testing::TestWithParam<
-          ::testing::tuple<std::vector<DtlsTransportEvent>, bool>> {
- protected:
-  // If |valid_fingerprint| is false, the caller will receive a fingerprint
-  // that doesn't match the callee's certificate, so the handshake should fail.
-  void TestEventOrdering(const std::vector<DtlsTransportEvent>& events,
-                         bool valid_fingerprint) {
-    // Pre-setup: Set local certificate on both caller and callee, and
-    // remote fingerprint on callee, but neither is writable and the caller
-    // doesn't have the callee's fingerprint.
-    PrepareDtls(true, true, rtc::KT_DEFAULT);
-    // Simulate packets being sent and arriving asynchronously.
-    // Otherwise the entire DTLS handshake would occur in one clock tick, and
-    // we couldn't inject method calls in the middle of it.
-    int simulated_delay_ms = 10;
-    client1_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLING,
-                           simulated_delay_ms);
-    client2_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLED,
-                           simulated_delay_ms);
-    client1_.SetLocalTransportDescription(client1_.certificate(),
-                                          cricket::CA_OFFER,
-                                          cricket::CONNECTIONROLE_ACTPASS, 0);
-    client2_.Negotiate(&client1_, cricket::CA_ANSWER,
-                       cricket::CONNECTIONROLE_ACTIVE,
-                       cricket::CONNECTIONROLE_ACTPASS, 0);
-
-    for (DtlsTransportEvent e : events) {
-      switch (e) {
-        case CALLER_RECEIVES_FINGERPRINT:
-          if (valid_fingerprint) {
-            client1_.SetRemoteTransportDescription(
-                client2_.certificate(), cricket::CA_ANSWER,
-                cricket::CONNECTIONROLE_ACTIVE, 0);
-          } else {
-            // Create a fingerprint with a correct algorithm but an invalid
-            // digest.
-            cricket::TransportDescription remote_desc =
-                MakeTransportDescription(client2_.certificate(),
-                                         cricket::CONNECTIONROLE_ACTIVE);
-            ++(remote_desc.identity_fingerprint->digest[0]);
-            // Even if certificate verification fails inside this method,
-            // it should return true as long as the fingerprint was formatted
-            // correctly.
-            EXPECT_TRUE(client1_.transport()->SetRemoteTransportDescription(
-                remote_desc, cricket::CA_ANSWER, nullptr));
-          }
-          break;
-        case CALLER_WRITABLE:
-          EXPECT_TRUE(client1_.Connect(&client2_, true));
-          EXPECT_TRUE_SIMULATED_WAIT(client1_.all_raw_channels_writable(),
-                                     kTimeout, fake_clock_);
-          break;
-        case CALLER_RECEIVES_CLIENTHELLO:
-          // Sanity check that a ClientHello hasn't already been received.
-          EXPECT_EQ(0, client1_.received_dtls_client_hellos());
-          // Making client2_ writable will cause it to send the ClientHello.
-          EXPECT_TRUE(client2_.Connect(&client1_, true));
-          EXPECT_TRUE_SIMULATED_WAIT(client2_.all_raw_channels_writable(),
-                                     kTimeout, fake_clock_);
-          EXPECT_EQ_SIMULATED_WAIT(1, client1_.received_dtls_client_hellos(),
-                                   kTimeout, fake_clock_);
-          break;
-        case HANDSHAKE_FINISHES:
-          // Sanity check that the handshake hasn't already finished.
-          EXPECT_FALSE(client1_.GetDtlsChannel(0)->IsDtlsConnected() ||
-                       client1_.GetDtlsChannel(0)->dtls_state() ==
-                           cricket::DTLS_TRANSPORT_FAILED);
-          EXPECT_TRUE_SIMULATED_WAIT(
-              client1_.GetDtlsChannel(0)->IsDtlsConnected() ||
-                  client1_.GetDtlsChannel(0)->dtls_state() ==
-                      cricket::DTLS_TRANSPORT_FAILED,
-              kTimeout, fake_clock_);
-          break;
-      }
-    }
-
-    cricket::DtlsTransportState expected_final_state =
-        valid_fingerprint ? cricket::DTLS_TRANSPORT_CONNECTED
-                          : cricket::DTLS_TRANSPORT_FAILED;
-    EXPECT_EQ_SIMULATED_WAIT(expected_final_state,
-                             client1_.GetDtlsChannel(0)->dtls_state(), kTimeout,
-                             fake_clock_);
-    EXPECT_EQ_SIMULATED_WAIT(expected_final_state,
-                             client2_.GetDtlsChannel(0)->dtls_state(), kTimeout,
-                             fake_clock_);
-
-    // Channel should be writable iff there was a valid fingerprint.
-    EXPECT_EQ(valid_fingerprint, client1_.GetDtlsChannel(0)->writable());
-    EXPECT_EQ(valid_fingerprint, client2_.GetDtlsChannel(0)->writable());
-
-    // Check that no hello needed to be retransmitted.
-    EXPECT_EQ(1, client1_.received_dtls_client_hellos());
-    EXPECT_EQ(1, client2_.received_dtls_server_hellos());
-
-    if (valid_fingerprint) {
-      TestTransfer(0, 1000, 100, false);
-    }
-  }
-};
-
-TEST_P(DtlsEventOrderingTest, TestEventOrdering) {
-  MAYBE_SKIP_TEST(HaveDtls);
-  TestEventOrdering(::testing::get<0>(GetParam()),
-                    ::testing::get<1>(GetParam()));
-}
-
-INSTANTIATE_TEST_CASE_P(
-    TestEventOrdering,
-    DtlsEventOrderingTest,
-    ::testing::Combine(
-        ::testing::Values(
-            std::vector<DtlsTransportEvent>{
-                CALLER_RECEIVES_FINGERPRINT, CALLER_WRITABLE,
-                CALLER_RECEIVES_CLIENTHELLO, HANDSHAKE_FINISHES},
-            std::vector<DtlsTransportEvent>{
-                CALLER_WRITABLE, CALLER_RECEIVES_FINGERPRINT,
-                CALLER_RECEIVES_CLIENTHELLO, HANDSHAKE_FINISHES},
-            std::vector<DtlsTransportEvent>{
-                CALLER_WRITABLE, CALLER_RECEIVES_CLIENTHELLO,
-                CALLER_RECEIVES_FINGERPRINT, HANDSHAKE_FINISHES},
-            std::vector<DtlsTransportEvent>{
-                CALLER_WRITABLE, CALLER_RECEIVES_CLIENTHELLO,
-                HANDSHAKE_FINISHES, CALLER_RECEIVES_FINGERPRINT},
-            std::vector<DtlsTransportEvent>{
-                CALLER_RECEIVES_FINGERPRINT, CALLER_RECEIVES_CLIENTHELLO,
-                CALLER_WRITABLE, HANDSHAKE_FINISHES},
-            std::vector<DtlsTransportEvent>{
-                CALLER_RECEIVES_CLIENTHELLO, CALLER_RECEIVES_FINGERPRINT,
-                CALLER_WRITABLE, HANDSHAKE_FINISHES},
-            std::vector<DtlsTransportEvent>{
-                CALLER_RECEIVES_CLIENTHELLO, CALLER_WRITABLE,
-                CALLER_RECEIVES_FINGERPRINT, HANDSHAKE_FINISHES},
-            std::vector<DtlsTransportEvent>{CALLER_RECEIVES_CLIENTHELLO,
-                                            CALLER_WRITABLE, HANDSHAKE_FINISHES,
-                                            CALLER_RECEIVES_FINGERPRINT}),
-        ::testing::Bool()));