Add tests for certificate mismatch.

Cover another mildly interesting error case.

Change-Id: Ice773af79f5e03f39f0cd2a9e158bae03e065392
Reviewed-on: https://boringssl-review.googlesource.com/2841
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 443d464..774c7a3 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -594,6 +594,11 @@
 	// MaxPacketLength, if non-zero, is the maximum acceptable size for a
 	// packet.
 	MaxPacketLength int
+
+	// SendCipherSuite, if non-zero, is the cipher suite value that the
+	// server will send in the ServerHello. This does not affect the cipher
+	// the server believes it has actually negotiated.
+	SendCipherSuite uint16
 }
 
 func (c *Config) serverInit() {
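Review bot: The doc comment on `SendCipherSuite` does not say that zero doubles as the "unset" sentinel, which means the suite value 0x0000 can never be forced through this field. If that limitation is acceptable, state it in the comment, for example `// Zero means no override, so the value 0x0000 itself cannot be sent.` The enclosing struct starts outside the hunk.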
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 284f314..f811fb2 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -444,6 +444,9 @@
 
 	hs.hello.ticketSupported = hs.clientHello.ticketSupported && !config.SessionTicketsDisabled && c.vers > VersionSSL30
 	hs.hello.cipherSuite = hs.suite.id
+	if config.Bugs.SendCipherSuite != 0 {
+		hs.hello.cipherSuite = config.Bugs.SendCipherSuite
+	}
 	c.extendedMasterSecret = hs.hello.extendedMasterSecret
 
 	// Generate a session ID if we're to save the session.
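Review bot: The override of `hs.hello.cipherSuite` is added at only one place, so if the resumption path fills in the ServerHello cipher suite separately (not visible in this hunk), `SendCipherSuite` would be silently ignored for resumed sessions. Either apply the same check there or record the limit at this site, e.g. `// Test-only: changes the value on the wire; hs.suite still drives the key exchange.` The enclosing function begins and ends outside the hunk.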
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 2342682..3e1e7b4 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -588,6 +588,30 @@
 		shouldFail:         true,
 		expectedLocalError: "dtls: exceeded maximum packet length",
 	},
+	{
+		name: "CertMismatchRSA",
+		config: Config{
+			CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+			Certificates: []Certificate{getECDSACertificate()},
+			Bugs: ProtocolBugs{
+				SendCipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			},
+		},
+		shouldFail:    true,
+		expectedError: ":WRONG_CERTIFICATE_TYPE:",
+	},
+	{
+		name: "CertMismatchECDSA",
+		config: Config{
+			CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+			Certificates: []Certificate{getRSACertificate()},
+			Bugs: ProtocolBugs{
+				SendCipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			},
+		},
+		shouldFail:    true,
+		expectedError: ":WRONG_CERTIFICATE_TYPE:",
+	},
 }
 
 func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, isResume bool) error {
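Review bot: The two new cases have names that read opposite to the certificate they configure (`CertMismatchRSA` uses `getECDSACertificate()`), and nothing says which half of the pairing is the false one. A one-line comment above each entry would make the intent clear, e.g. `// Server holds an ECDSA certificate but announces an RSA suite; the client must reject it.` and the mirror image for `CertMismatchECDSA`. Both cases also appear to depend on the client under test offering the substituted suite by default, which is worth stating because otherwise the handshake could be rejected before the certificate key-type check that `:WRONG_CERTIFICATE_TYPE:` is meant to pin. The slice literal these entries belong to starts outside the hunk.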