Don't check certificates against the curve list in TLS 1.3. That instead happens via signature algorithms, which will be done in a follow-up commit. Change-Id: I97bc4646319dddbff62552244b0dd7e9bb2650ef Reviewed-on: https://boringssl-review.googlesource.com/8700 Reviewed-by: David Benjamin <davidben@google.com>

commit: 75ea5bb1871f642229fba8260e278abc8d064ef1 [log] [tgz]
author: David Benjamin <davidben@google.com> Fri Jul 08 17:43:29 2016 -0700
committer: David Benjamin <davidben@google.com> Tue Jul 12 18:27:05 2016 +0000
tree: 121da88342587a80c3faec229d6f9d404db8cf01
parent: 3386326d2b8253ca0b35458a1fce3b89deb4e4b2 [diff] [blame]
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 3fcfadd..5e424ca 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -5041,9 +5041,6 @@
 
 	// In TLS 1.2 and below, ECDSA uses the curve list rather than the
 	// signature algorithms.
-	//
-	// TODO(davidben): Add a TLS 1.3 version of this test where the mismatch
-	// is allowed.
 	testCases = append(testCases, testCase{
 		name: "CheckLeafCurve",
 		config: Config{
@@ -5055,6 +5052,17 @@
 		shouldFail:    true,
 		expectedError: ":BAD_ECC_CERT:",
 	})
+
+	// In TLS 1.3, ECDSA does not use the ECDHE curve list.
+	testCases = append(testCases, testCase{
+		name: "CheckLeafCurve-TLS13",
+		config: Config{
+			MaxVersion:   VersionTLS13,
+			CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+			Certificates: []Certificate{ecdsaP256Certificate},
+		},
+		flags: []string{"-p384-only"},
+	})
 }
 
 // timeouts is the retransmit schedule for BoringSSL. It doubles and
commit	75ea5bb1871f642229fba8260e278abc8d064ef1	[log] [tgz]
author	David Benjamin <davidben@google.com>	Fri Jul 08 17:43:29 2016 -0700
committer	David Benjamin <davidben@google.com>	Tue Jul 12 18:27:05 2016 +0000
tree	121da88342587a80c3faec229d6f9d404db8cf01
parent	3386326d2b8253ca0b35458a1fce3b89deb4e4b2 [diff] [blame]