Add a test for SCTs sent on resume.

The specification, sadly, did not say that servers MUST NOT send it, only that
they are "not expected to" do anything with the client extension. Accordingly,
we decided to tolerate this. Add a test for this so that we check this
behavior.

This test also ensures that the original session's value for it carries over.

Change-Id: I38c738f218a09367c9d8d1b0c4d68ab5cbec730e
Reviewed-on: https://boringssl-review.googlesource.com/7860
Reviewed-by: Adam Langley <agl@google.com>

ssl/test/runner/common.go

@@ -834,6 +834,10 @@ type ProtocolBugs struct {
 	// NullAllCiphers, if true, causes every cipher to behave like the null
 	// cipher.
 	NullAllCiphers bool
+
+	// SendSCTListOnResume, if not nil, causes the server to send the
+	// supplied SCT list in resumption handshakes.
+	SendSCTListOnResume []byte
 }
 
 func (c *Config) serverInit() {

ssl/test/runner/handshake_server.go

@@ -488,6 +488,10 @@ func (hs *serverHandshakeState) doResumeHandshake() error {
 	hs.hello.sessionId = hs.clientHello.sessionId
 	hs.hello.ticketSupported = c.config.Bugs.RenewTicketOnResume
 
+	if c.config.Bugs.SendSCTListOnResume != nil {
+		hs.hello.sctList = c.config.Bugs.SendSCTListOnResume
+	}
+
 	hs.finishedHash = newFinishedHash(c.vers, hs.suite)
 	hs.finishedHash.discardHandshakeBuffer()
 	hs.writeClientHash(hs.clientHello.marshal())

ssl/test/runner/runner.go

@@ -3878,6 +3878,20 @@ func addExtensionTests() {
 		},
 		resumeSession: true,
 	})
+	testCases = append(testCases, testCase{
+		name: "SendSCTListOnResume",
+		config: Config{
+			Bugs: ProtocolBugs{
+				SendSCTListOnResume: []byte("bogus"),
+			},
+		},
+		flags: []string{
+			"-enable-signed-cert-timestamps",
+			"-expect-signed-cert-timestamps",
+			base64.StdEncoding.EncodeToString(testSCTList),
+		},
+		resumeSession: true,
+	})
 	testCases = append(testCases, testCase{
 		name:     "SignedCertificateTimestampList-Server",
 		testType: serverTest,