Add server-side support for Signed Certificate Timestamps.

Change-Id: Ifa44fef160fc9d67771eed165f8fc277f28a0222
Reviewed-on: https://boringssl-review.googlesource.com/5840
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 3c077bf..5259dae 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -157,6 +157,8 @@
 	expectedSRTPProtectionProfile uint16
 	// expectedOCSPResponse, if not nil, is the expected OCSP response to be received.
 	expectedOCSPResponse []uint8
+	// expectedSCTList, if not nil, is the expected SCT list to be received.
+	expectedSCTList []uint8
 	// messageLen is the length, in bytes, of the test message that will be
 	// sent.
 	messageLen int
@@ -334,6 +336,10 @@
 		return fmt.Errorf("OCSP Response mismatch")
 	}
 
+	if test.expectedSCTList != nil && !bytes.Equal(test.expectedSCTList, connState.SCTList) {
+		return fmt.Errorf("SCT list mismatch")
+	}
+
 	if test.exportKeyingMaterial > 0 {
 		actual := make([]byte, test.exportKeyingMaterial)
 		if _, err := io.ReadFull(tlsConn, actual); err != nil {
@@ -3428,7 +3434,8 @@
 	})
 	// Test SCT list.
 	testCases = append(testCases, testCase{
-		name: "SignedCertificateTimestampList",
+		name: "SignedCertificateTimestampList-Client",
+		testType: clientTest,
 		flags: []string{
 			"-enable-signed-cert-timestamps",
 			"-expect-signed-cert-timestamps",
@@ -3436,6 +3443,15 @@
 		},
 	})
 	testCases = append(testCases, testCase{
+		name: "SignedCertificateTimestampList-Server",
+		testType: serverTest,
+		flags: []string{
+			"-signed-cert-timestamps",
+			base64.StdEncoding.EncodeToString(testSCTList),
+		},
+		expectedSCTList: testSCTList,
+	})
+	testCases = append(testCases, testCase{
 		testType: clientTest,
 		name:     "ClientHelloPadding",
 		config: Config{