Add server-side support for Signed Certificate Timestamps.
Change-Id: Ifa44fef160fc9d67771eed165f8fc277f28a0222
Reviewed-on: https://boringssl-review.googlesource.com/5840
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 3c077bf..5259dae 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -157,6 +157,8 @@
expectedSRTPProtectionProfile uint16
// expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
expectedOCSPResponse []uint8
+ // expectedSCTList, if not nil, is the expected SCT list to be received.
+ expectedSCTList []uint8
// messageLen is the length, in bytes, of the test message that will be
// sent.
messageLen int
@@ -334,6 +336,10 @@
return fmt.Errorf("OCSP Response mismatch")
}
+ if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
+ return fmt.Errorf("SCT list mismatch")
+ }
+
if test.exportKeyingMaterial > 0 {
actual := make([]byte, test.exportKeyingMaterial)
if _, err := io.ReadFull(tlsConn, actual); err != nil {
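Review bot: The mismatch error in the added check drops both values, so a failing run cannot show whether the peer sent no SCT list, a truncated one, or different bytes. `return fmt.Errorf("SCT list mismatch: got %x, want %x", connState.SCTList, test.expectedSCTList)` would make that visible. Because the guard is `!= nil` and `bytes.Equal` treats nil and empty slices as equal, a test can assert absence only by setting an empty non-nil slice. That is worth stating in the `expectedSCTList` field comment, e.g. `// An empty, non-nil slice asserts that no SCT list was received.` The enclosing function starts and ends outside the hunk.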
@@ -3428,7 +3434,8 @@
})
// Test SCT list.
testCases = append(testCases, testCase{
- name: "SignedCertificateTimestampList",
+ name: "SignedCertificateTimestampList-Client",
+ testType: clientTest,
flags: []string{
"-enable-signed-cert-timestamps",
"-expect-signed-cert-timestamps",
@@ -3436,6 +3443,15 @@
},
})
testCases = append(testCases, testCase{
+ name: "SignedCertificateTimestampList-Server",
+ testType: serverTest,
+ flags: []string{
+ "-signed-cert-timestamps",
+ base64.StdEncoding.EncodeToString(testSCTList),
+ },
+ expectedSCTList: testSCTList,
+ })
+ testCases = append(testCases, testCase{
testType: clientTest,
name: "ClientHelloPadding",
config: Config{
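Review bot: The added `SignedCertificateTimestampList-Server` case covers only the path where the list is delivered. Nothing checks that a server started with `-signed-cert-timestamps` withholds the extension from a client that did not offer it. An unsolicited extension in the ServerHello is a protocol violation, so this negative path is the one most worth pinning in a server-side feature. A companion case could set `expectedSCTList: []uint8{}` and use a client config that omits the extension, though whether the runner's `Config` exposes such a switch is not visible in this diff. It would also help to add a comment above the case saying what the second flag value is, e.g. `// The shim takes the SCT list to serve as a base64 argument.`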