external/boringssl: Sync to c3889634a1aa52575c5d26497696238208fbd0f5.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/41c10e2b5f37edce8b9f292f7f3bacb7e30e25c4..c3889634a1aa52575c5d26497696238208fbd0f5
Test: atest CtsLibcoreTestCases
Change-Id: Ia1c2941ccf58a9e0d736b3409a2d13c21603a205
diff --git a/src/ssl/test/runner/handshake_server.go b/src/ssl/test/runner/handshake_server.go
index 5486342..d2ef9b4 100644
--- a/src/ssl/test/runner/handshake_server.go
+++ b/src/ssl/test/runner/handshake_server.go
@@ -881,10 +881,10 @@
data: certData,
}
if i == 0 {
- if hs.clientHello.ocspStapling {
+ if hs.clientHello.ocspStapling && !c.config.Bugs.NoOCSPStapling {
cert.ocspResponse = hs.cert.OCSPStaple
}
- if hs.clientHello.sctListSupported {
+ if hs.clientHello.sctListSupported && !c.config.Bugs.NoSignedCertificateTimestamps {
cert.sctList = hs.cert.SignedCertificateTimestampList
}
cert.duplicateExtensions = config.Bugs.SendDuplicateCertExtensions
@@ -1577,11 +1577,11 @@
c := hs.c
isPSK := hs.suite.flags&suitePSK != 0
- if !isPSK && hs.clientHello.ocspStapling && len(hs.cert.OCSPStaple) > 0 {
+ if !isPSK && hs.clientHello.ocspStapling && len(hs.cert.OCSPStaple) > 0 && !c.config.Bugs.NoOCSPStapling {
hs.hello.extensions.ocspStapling = true
}
- if hs.clientHello.sctListSupported && len(hs.cert.SignedCertificateTimestampList) > 0 {
+ if hs.clientHello.sctListSupported && len(hs.cert.SignedCertificateTimestampList) > 0 && !c.config.Bugs.NoSignedCertificateTimestamps {
hs.hello.extensions.sctList = hs.cert.SignedCertificateTimestampList
}