- disable SHA1 invalid signature tests
- test for golang sending an internal error alert when we don't offer its selected signature algorithm
- also look for 'no common signature algorithms' in SHA1 tests
- bogo_shim needs quic feature
- provide/check quic transport params in bogo_shim
- reject servers that handshake at TLS1.2, but include a quic transport params extension.
- don't expose quic transport params extension for TLS1.2 clients.
These last two match BoringSSL.
Also:
- use it for bogo_shim, which previously used DANGEROUS_DISABLE_VERIFY.
bogo_shim now only built with dangerous_configuration.
- require a non-empty certificate list outside the external verifier; this is an internal invariant.
- Abolish ASN1Cert in preference to key::Certificate
- in shim, support versions for server tests.
- check handshake defragmenter is aligned on key changes (like ccs)
- don't include SupportedVersions ext if it would be empty
- don't offer or support PSK_KE in clients (no pfs)
- tighten validation of hrr extensions
- tighten validation of encrypted extensions
- tighten validation of certificate extensions
- alter assorted alert descriptions
- if a server sends an ECPointFormats extension (they typically don't) check it contains Uncompressed.
- tighten validation of certificate messages/extensions
- tighten validation of client certreq message
- tighten validation of keyshares extensions received by server
- loosen suite compatibility check on resumption by client
- Fix a duplicated enum.
- Don't special-case HelloRequest for TLS1.3
- Do extra TLS1.3-specific validation of ServerHello to check for inappropriate extensions.
- If the client doesn't offer DHE_KE, don't send a ticket or resume from one.
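The ServerHello rules in this list (rejecting QUIC transport params from a server that negotiated TLS1.2, requiring Uncompressed in any ECPointFormats extension, and rejecting extensions that do not belong in a TLS1.3 ServerHello) can be expressed as one validator over the raw extensions block. The Rust below is an added example, not rustls's own code; the extension codepoints are the IANA values from RFC 8446, RFC 8422 and RFC 9001, while the `Reject` enum and function names are hypothetical.

```rust
// Added example, not rustls code: apply the ServerHello rules listed above to a raw
// extensions block (RFC 8446 wire form: u16 total length, then {u16 type, u16 length, body}).
const EC_POINT_FORMATS: u16 = 11;
const PRE_SHARED_KEY: u16 = 41;
const SUPPORTED_VERSIONS: u16 = 43;
const KEY_SHARE: u16 = 51;
const QUIC_TRANSPORT_PARAMETERS: u16 = 0x0039; // codepoint assigned by RFC 9001
const UNCOMPRESSED: u8 = 0; // the ECPointFormat a server must offer

#[derive(Debug, PartialEq)]
pub enum Reject { Malformed, Duplicate(u16), Tls12QuicParams, NoUncompressed, Inappropriate13(u16) }

fn rd16(buf: &[u8], off: usize) -> Result<u16, Reject> {
    let b = buf.get(off..off + 2).ok_or(Reject::Malformed)?;
    Ok(u16::from_be_bytes([b[0], b[1]]))
}

/// Split the block into (type, body) pairs, rejecting bad lengths and duplicates.
pub fn parse_extensions(buf: &[u8]) -> Result<Vec<(u16, &[u8])>, Reject> {
    if buf.len() != 2 + rd16(buf, 0)? as usize { return Err(Reject::Malformed); }
    let (mut off, mut out) = (2, Vec::new());
    while off < buf.len() {
        let (typ, len) = (rd16(buf, off)?, rd16(buf, off + 2)? as usize);
        let body = buf.get(off + 4..off + 4 + len).ok_or(Reject::Malformed)?;
        if out.iter().any(|(t, _)| *t == typ) { return Err(Reject::Duplicate(typ)); }
        out.push((typ, body));
        off += 4 + len;
    }
    Ok(out)
}

/// `tls13` is the version this ServerHello negotiated.
pub fn validate_server_hello_exts(tls13: bool, buf: &[u8]) -> Result<(), Reject> {
    for (typ, body) in parse_extensions(buf)? {
        match typ {
            // TLS 1.3 ServerHello may only carry what establishes keys and the version.
            SUPPORTED_VERSIONS | KEY_SHARE | PRE_SHARED_KEY if tls13 => {}
            _ if tls13 => return Err(Reject::Inappropriate13(typ)),
            // A server that handshook at TLS 1.2 must not claim QUIC transport params.
            QUIC_TRANSPORT_PARAMETERS => return Err(Reject::Tls12QuicParams),
            // If sent at all, the u8-length-prefixed format list must include Uncompressed.
            EC_POINT_FORMATS => {
                let n = *body.first().ok_or(Reject::Malformed)? as usize;
                if body.len() != 1 + n { return Err(Reject::Malformed); }
                if !body[1..].contains(&UNCOMPRESSED) { return Err(Reject::NoUncompressed); }
            }
            _ => {} // remaining TLS 1.2 extensions are validated elsewhere
        }
    }
    Ok(())
}
```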