Handle empty curve preferences from the client.
See upstream's bd891f098bdfcaa285c073ce556d0f5e27ec3a10. It honestly seems
kinda dumb for a client to do this, but apparently the spec allows this.
Judging by code inspection, OpenSSL 1.0.1 also allowed this, so this avoids a
behavior change when switching from 1.0.1 to BoringSSL.
Add a test for this, which revealed that, unlike upstream's version, this
actually works with ecdh_auto since tls1_get_shared_curve also needs updating.
(To be mentioned in newsletter.)
Reviewed-by: Adam Langley <email@example.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 75fa4b4..4ac7250 100644
@@ -597,6 +597,10 @@
// still be enforced.
+ // NoSupportedCurves, if true, causes the client to omit the
+ // supported_curves extension.
+ NoSupportedCurves bool
// RequireSameRenegoClientVersion, if true, causes the server
// to require that all ClientHellos match in offered version
// across a renego.