Cut down on some redundant flags.

We have fancy -on-initial and -on-resume prefixes now that can apply to
every flag.

Change-Id: I6195a97f663ebc94db320ca35889c213c700a976
Reviewed-on: https://boringssl-review.googlesource.com/19666
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/test/bssl_shim.cc

@@ -1569,19 +1569,15 @@ static bool CheckAuthProperties(SSL *ssl, bool is_resume,
     }
   }
 
-  bool expected_sha256_client_cert = config->expect_sha256_client_cert_initial;
-  if (is_resume) {
-    expected_sha256_client_cert = config->expect_sha256_client_cert_resume;
-  }
-
-  if (SSL_get_session(ssl)->peer_sha256_valid != expected_sha256_client_cert) {
+  if (SSL_get_session(ssl)->peer_sha256_valid !=
+      config->expect_sha256_client_cert) {
     fprintf(stderr,
             "Unexpected SHA-256 client cert state: expected:%d is_resume:%d.\n",
-            expected_sha256_client_cert, is_resume);
+            config->expect_sha256_client_cert, is_resume);
     return false;
   }
 
-  if (expected_sha256_client_cert &&
+  if (config->expect_sha256_client_cert &&
       SSL_get_session(ssl)->certs != nullptr) {
     fprintf(stderr, "Have both client cert and SHA-256 hash: is_resume:%d.\n",
             is_resume);
@@ -2025,10 +2021,7 @@ static bool DoConnection(bssl::UniquePtr<SSL_SESSION> *out_session,
   if (config->max_cert_list > 0) {
     SSL_set_max_cert_list(ssl.get(), config->max_cert_list);
   }
-  if (!is_resume && config->retain_only_sha256_client_cert_initial) {
-    SSL_set_retain_only_sha256_of_client_certs(ssl.get(), 1);
-  }
-  if (is_resume && config->retain_only_sha256_client_cert_resume) {
+  if (config->retain_only_sha256_client_cert) {
     SSL_set_retain_only_sha256_of_client_certs(ssl.get(), 1);
   }
   if (config->max_send_fragment > 0) {

ssl/test/runner/runner.go

@@ -12296,8 +12296,8 @@ func addRetainOnlySHA256ClientCertTests() {
 			},
 			tls13Variant: ver.tls13Variant,
 			flags: []string{
-				"-retain-only-sha256-client-cert-initial",
-				"-retain-only-sha256-client-cert-resume",
+				"-on-initial-retain-only-sha256-client-cert",
+				"-on-resume-retain-only-sha256-client-cert",
 			},
 			resumeSession: true,
 		})
@@ -12315,10 +12315,10 @@ func addRetainOnlySHA256ClientCertTests() {
 			tls13Variant: ver.tls13Variant,
 			flags: []string{
 				"-verify-peer",
-				"-retain-only-sha256-client-cert-initial",
-				"-retain-only-sha256-client-cert-resume",
-				"-expect-sha256-client-cert-initial",
-				"-expect-sha256-client-cert-resume",
+				"-on-initial-retain-only-sha256-client-cert",
+				"-on-resume-retain-only-sha256-client-cert",
+				"-on-initial-expect-sha256-client-cert",
+				"-on-resume-expect-sha256-client-cert",
 			},
 			resumeSession: true,
 		})
@@ -12337,8 +12337,8 @@ func addRetainOnlySHA256ClientCertTests() {
 			tls13Variant: ver.tls13Variant,
 			flags: []string{
 				"-verify-peer",
-				"-retain-only-sha256-client-cert-initial",
-				"-expect-sha256-client-cert-initial",
+				"-on-initial-retain-only-sha256-client-cert",
+				"-on-initial-expect-sha256-client-cert",
 			},
 			resumeSession:        true,
 			expectResumeRejected: true,
@@ -12358,8 +12358,8 @@ func addRetainOnlySHA256ClientCertTests() {
 			tls13Variant: ver.tls13Variant,
 			flags: []string{
 				"-verify-peer",
-				"-retain-only-sha256-client-cert-resume",
-				"-expect-sha256-client-cert-resume",
+				"-on-resume-retain-only-sha256-client-cert",
+				"-on-resume-expect-sha256-client-cert",
 			},
 			resumeSession:        true,
 			expectResumeRejected: true,

ssl/test/test_config.cc

@@ -108,14 +108,10 @@ const Flag<bool> kBoolFlags[] = {
   { "-peek-then-read", &TestConfig::peek_then_read },
   { "-enable-grease", &TestConfig::enable_grease },
   { "-use-exporter-between-reads", &TestConfig::use_exporter_between_reads },
-  { "-retain-only-sha256-client-cert-initial",
-    &TestConfig::retain_only_sha256_client_cert_initial },
-  { "-retain-only-sha256-client-cert-resume",
-    &TestConfig::retain_only_sha256_client_cert_resume },
-  { "-expect-sha256-client-cert-initial",
-    &TestConfig::expect_sha256_client_cert_initial },
-  { "-expect-sha256-client-cert-resume",
-    &TestConfig::expect_sha256_client_cert_resume },
+  { "-retain-only-sha256-client-cert",
+    &TestConfig::retain_only_sha256_client_cert },
+  { "-expect-sha256-client-cert",
+    &TestConfig::expect_sha256_client_cert },
   { "-read-with-unfinished-write", &TestConfig::read_with_unfinished_write },
   { "-expect-secure-renegotiation",
     &TestConfig::expect_secure_renegotiation },

ssl/test/test_config.h

@@ -128,10 +128,8 @@ struct TestConfig {
   int expect_cipher_no_aes = 0;
   std::string expect_peer_cert_file;
   int resumption_delay = 0;
-  bool retain_only_sha256_client_cert_initial = false;
-  bool retain_only_sha256_client_cert_resume = false;
-  bool expect_sha256_client_cert_initial = false;
-  bool expect_sha256_client_cert_resume = false;
+  bool retain_only_sha256_client_cert = false;
+  bool expect_sha256_client_cert = false;
   bool read_with_unfinished_write = false;
   bool expect_secure_renegotiation = false;
   bool expect_no_secure_renegotiation = false;