Test client certificates carry over on session resumption.

We have tests for this as a server, but none as a client. Extend the
certificate verification tests here. This is in preparation for ensuring
that TLS 1.3 session resumption works correctly.

Change-Id: I9ab9f42838ffd69f73fbd877b0cdfaf31caea707
Reviewed-on: https://boringssl-review.googlesource.com/9111
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/test/bssl_shim.cc

@@ -1212,19 +1212,18 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) {
     }
   }
 
-  if (!config->is_server) {
+  if (!config->psk.empty()) {
-    /* Clients should expect a peer certificate chain iff this was not a PSK
+    if (SSL_get_peer_cert_chain(ssl) != nullptr) {
-     * cipher suite. */
+      fprintf(stderr, "Received peer certificate on a PSK cipher.\n");
-    if (config->psk.empty()) {
+      return false;
+    }
+  } else if (!config->is_server || config->require_any_client_certificate) {
     if (SSL_get_peer_cert_chain(ssl) == nullptr) {
-        fprintf(stderr, "Missing peer certificate chain!\n");
+      fprintf(stderr, "Received no peer certificate but expected one.\n");
-        return false;
-      }
-    } else if (SSL_get_peer_cert_chain(ssl) != nullptr) {
-      fprintf(stderr, "Unexpected peer certificate chain!\n");
       return false;
     }
   }
+
   return true;
 }
 

ssl/test/runner/runner.go

@@ -3413,40 +3413,64 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
 		if config.protocol == dtls && !vers.hasDTLS {
 			continue
 		}
+		for _, testType := range []testType{clientTest, serverTest} {
+			suffix := "-Client"
+			if testType == serverTest {
+				suffix = "-Server"
+			}
+			suffix += "-" + vers.name
+
+			flag := "-verify-peer"
+			if testType == serverTest {
+				flag = "-require-any-client-certificate"
+			}
+
 			tests = append(tests, testCase{
-			testType: clientTest,
+				testType: testType,
-			name:     "CertificateVerificationSucceed-" + vers.name,
+				name:     "CertificateVerificationSucceed" + suffix,
 				config: Config{
 					MaxVersion:   vers.version,
+					Certificates: []Certificate{rsaCertificate},
 				},
 				flags: []string{
-				"-verify-peer",
+					flag,
+					"-expect-verify-result",
 				},
+				// TODO(davidben): Enable this when resumption is
+				// implemented in TLS 1.3.
 				resumeSession: vers.version != VersionTLS13,
 			})
 			tests = append(tests, testCase{
-			testType: clientTest,
+				testType: testType,
-			name:     "CertificateVerificationFail-" + vers.name,
+				name:     "CertificateVerificationFail" + suffix,
 				config: Config{
 					MaxVersion:   vers.version,
+					Certificates: []Certificate{rsaCertificate},
 				},
 				flags: []string{
+					flag,
 					"-verify-fail",
-				"-verify-peer",
 				},
 				shouldFail:    true,
 				expectedError: ":CERTIFICATE_VERIFY_FAILED:",
 			})
+		}
+
+		// By default, the client is in a soft fail mode where the peer
+		// certificate is verified but failures are non-fatal.
 		tests = append(tests, testCase{
 			testType: clientTest,
 			name:     "CertificateVerificationSoftFail-" + vers.name,
 			config: Config{
 				MaxVersion:   vers.version,
+				Certificates: []Certificate{rsaCertificate},
 			},
 			flags: []string{
 				"-verify-fail",
 				"-expect-verify-result",
 			},
+			// TODO(davidben): Enable this when resumption is
+			// implemented in TLS 1.3.
 			resumeSession: vers.version != VersionTLS13,
 		})
 	}