tris: update tests to track draft 22

Force boringssl client and server to use draft 22 instead of draft 18.
Other clients (tstclnt from NSS, picotls) support only draft 22.

Disable mint, it only supports draft 21.

.travis.yml

@@ -11,7 +11,7 @@ env:
   - MODE=interop CLIENT=boring SERVER=boring
   - MODE=interop CLIENT=tstclnt SERVER=tstclnt
   - MODE=interop CLIENT=picotls ZRTT=1
-  - MODE=interop CLIENT=mint
+# - MODE=interop CLIENT=mint    # does not support draft 22
   - MODE=bogo
   - MODE=gotest
   - MODE=interop CLIENT=tstclnt ZRTT=1
@@ -22,8 +22,6 @@ matrix:
   fast_finish: true
   allow_failures:
     - env: MODE=interop CLIENT=boring REVISION=origin/master
-    - env: MODE=interop CLIENT=tstclnt REVISION=default ZRTT=1
-    - env: MODE=interop CLIENT=tstclnt ZRTT=1 # crashes on close_notify in 0.5RTT
 
 install:
   - if [ "$MODE" = "interop" ]; then ./_dev/tris-localserver/start.sh -d && docker ps -a; fi

_dev/bogo/Dockerfile

@@ -12,7 +12,13 @@ RUN git clone https://github.com/FiloSottile/crypto-tls-bogo-shim \
     /go/src/github.com/FiloSottile/crypto-tls-bogo-shim
 
 # Draft 18 with client-tests branch
-ARG REVISION=3f5e87d6a1931b6f6930e4eadb7b2d0b2aa7c588
+#ARG REVISION=3f5e87d6a1931b6f6930e4eadb7b2d0b2aa7c588
+
+# Draft 22 with draft22 branch
+#ARG REVISION=81cc32b846c9fe2ea32613287e57a6a0db7bbb9a
+
+# Draft 22 with draft22-client branch (client-tests + draft22)
+ARG REVISION=f9729b5e4eafb1f1d313949388c3c2b167e84734
 
 RUN cd /go/src/github.com/FiloSottile/crypto-tls-bogo-shim && \
     git checkout $REVISION

_dev/boring/Dockerfile

@@ -38,6 +38,12 @@ RUN mkdir boringssl/build
 # Draft 18, but with "bssl server -loop -www" support and build fix
 ARG REVISION=40b24c8154
 
+# Draft 21
+#ARG REVISION=cd8470f
+
+# Draft 22
+ARG REVISION=1530ef3e
+
 RUN cd boringssl && git fetch
 RUN cd boringssl && git checkout $REVISION
 RUN cd boringssl/build && cmake -GNinja ..

_dev/boring/run.sh

@@ -2,7 +2,7 @@
 set -e
 
 /boringssl/build/tool/bssl client -grease -min-version tls1.3 -max-version tls1.3 \
-	-session-out /session -connect "$@" < /httpreq.txt
+	-tls13-variant draft22 -session-out /session -connect "$@" < /httpreq.txt
 exec /boringssl/build/tool/bssl client -grease -min-version tls1.3 -max-version tls1.3 \
-	-session-in /session -connect "$@" < /httpreq.txt
+	-tls13-variant draft22 -session-in /session -connect "$@" < /httpreq.txt
 

_dev/boring/server.sh

@@ -6,12 +6,14 @@ set -x
 bssl server \
     -key rsa.pem \
     -min-version tls1.2 -max-version tls1.3 \
+    -tls13-draft22-variant \
     -accept 1443 -loop -www 2>&1 &
 
 # ECDSA
 bssl server \
     -key ecdsa.pem \
     -min-version tls1.2 -max-version tls1.3 \
+    -tls13-draft22-variant \
     -accept 2443 -loop -www 2>&1 &
 
 wait

_dev/picotls/Dockerfile

@@ -10,7 +10,12 @@ RUN apk add --update \
 
 RUN git clone https://github.com/h2o/picotls
 
-ARG REVISION=a6c1c65
+# Draft -18
+#ARG REVISION=a6c1c65
+
+# Draft -22
+ARG REVISION=843ccdc
+
 RUN cd picotls && git fetch && git checkout $REVISION
 
 RUN cd picotls && git submodule update --init

_dev/tstclnt/Dockerfile

@@ -18,7 +18,10 @@ ENV USE_64=1 NSS_ENABLE_TLS_1_3=1
 # ARG REVISION=b6dfef6d0ff0
 
 # Draft 18, NSS_3_34_1_RTM (with TLS 1.3 keylogging support)
-ARG REVISION=e61c0f657100
+# ARG REVISION=e61c0f657100
+
+# Draft 22
+ARG REVISION=88c3f3fa581b
 
 RUN cd nss && hg pull
 RUN cd nss && hg checkout -C $REVISION