From 80d1b35520127a83cde953249c4533360c27a5df Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Wed, 4 May 2016 19:19:06 -0400
Subject: [PATCH] Add a test for SCTs sent on resume.

The specification, sadly, did not say that servers MUST NOT send it, only that they are "not expected to" do anything with the client extension. Accordingly, we decided to tolerate this. Add a test for this so that we check this behavior. This test also ensures that the original session's value for it carries over.

Change-Id: I38c738f218a09367c9d8d1b0c4d68ab5cbec730e
Reviewed-on: https://boringssl-review.googlesource.com/7860
Reviewed-by: Adam Langley
---
 ssl/test/runner/common.go | 4 ++++
 ssl/test/runner/handshake_server.go | 4 ++++
 ssl/test/runner/runner.go | 14 ++++++++++++++
 3 files changed, 22 insertions(+)

diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 2e9ce045..679969dd 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -834,6 +834,10 @@ type ProtocolBugs struct {
 // NullAllCiphers, if true, causes every cipher to behave like the null
 // cipher.
 NullAllCiphers bool
+
+ // SendSCTListOnResume, if not nil, causes the server to send the
+ // supplied SCT list in resumption handshakes.
+ SendSCTListOnResume []byte
 }
 
 func (c *Config) serverInit() {
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index d2cac98c..72d1eb99 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -488,6 +488,10 @@ func (hs *serverHandshakeState) doResumeHandshake() error {
 hs.hello.sessionId = hs.clientHello.sessionId
 hs.hello.ticketSupported = c.config.Bugs.RenewTicketOnResume
 
+ if c.config.Bugs.SendSCTListOnResume != nil {
+ hs.hello.sctList = c.config.Bugs.SendSCTListOnResume
+ }
+
 hs.finishedHash = newFinishedHash(c.vers, hs.suite)
 hs.finishedHash.discardHandshakeBuffer()
 hs.writeClientHash(hs.clientHello.marshal())
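Review bot: The new branch in doResumeHandshake assigns `hs.hello.sctList` whenever `SendSCTListOnResume` is non-nil, with no check that the ClientHello offered the signed_certificate_timestamp extension. A test that sets this bug without enabling SCTs on the client would therefore exercise the unsolicited-extension path, not the tolerated-on-resume path the commit message describes. If that is intended, the field comment in common.go should say so, for example `// The list is sent even if the client did not offer the extension.`; otherwise gate the assignment on the client's offer. An empty but non-nil slice also takes this branch, and whether an empty extension is then emitted depends on marshalling code outside this hunk. The body of doResumeHandshake starts and ends outside the hunk.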
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index e2121087..11b75e4c 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -3878,6 +3878,20 @@ func addExtensionTests() {
 },
 resumeSession: true,
 })
+ testCases = append(testCases, testCase{
+ name: "SendSCTListOnResume",
+ config: Config{
+ Bugs: ProtocolBugs{
+ SendSCTListOnResume: []byte("bogus"),
+ },
+ },
+ flags: []string{
+ "-enable-signed-cert-timestamps",
+ "-expect-signed-cert-timestamps",
+ base64.StdEncoding.EncodeToString(testSCTList),
+ },
+ resumeSession: true,
+ })
 testCases = append(testCases, testCase{
 name: "SignedCertificateTimestampList-Server",
 testType: serverTest,
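Review bot: The `SendSCTListOnResume` case sends `[]byte("bogus")` on resumption but expects `testSCTList`, and nothing beside the case explains why the two differ. A comment such as `// The client must ignore an SCT list sent on resumption and keep the one from the original session.` would make the intent readable without the commit message. Because the resumption payload does not look like a well-formed SCT list, a client that ignores malformed lists but adopts well-formed ones would still pass. A second case sending a well-formed list that differs from `testSCTList` would pin the carry-over property. The expected value presumably comes from the default certificate configured outside this hunk, and addExtensionTests itself starts and ends outside it.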