Check duplicate extensions before processing.

ClientHello and ServerHello are not allowed to include duplicate extensions.
Add a new helper function to check this and call as appropriate. Remove ad-hoc
per-extension duplicate checks which are no unnecessary.

Add runner.go tests to verify such message correctly rejected.

Change-Id: I7babd5b642dfec941459512869e2dd6de26a831c
Reviewed-by: Adam Langley <>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index fd78eb6..df7cacf 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -345,6 +345,10 @@
 	// FailIfNotFallbackSCSV causes a server handshake to fail if the
 	// client doesn't send the fallback SCSV value.
 	FailIfNotFallbackSCSV bool
+	// DuplicateExtension causes an extra empty extension of bogus type to
+	// be emitted in either the ClientHello or the ServerHello.
+	DuplicateExtension bool
 func (c *Config) serverInit() {