Add OCSP stapling and SCT list support to 1.3 servers in Go. Change-Id: Iee1ff6032ea4188440e191f98f07d84fed7ac36d Reviewed-on: https://boringssl-review.googlesource.com/8630 Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go index fba1927..db0b358 100644 --- a/ssl/test/runner/handshake_server.go +++ b/ssl/test/runner/handshake_server.go
@@ -391,6 +391,15 @@ c.out.updateKeys(deriveTrafficAEAD(c.vers, hs.suite, handshakeTrafficSecret, handshakePhase, serverWrite), c.vers) c.in.updateKeys(deriveTrafficAEAD(c.vers, hs.suite, handshakeTrafficSecret, handshakePhase, clientWrite), c.vers) + if hs.suite.flags&suitePSK != 0 { + if hs.clientHello.ocspStapling { + encryptedExtensions.extensions.ocspResponse = hs.cert.OCSPStaple + } + if hs.clientHello.sctListSupported { + encryptedExtensions.extensions.sctList = hs.cert.SignedCertificateTimestampList + } + } + // Send EncryptedExtensions. hs.writeServerHash(encryptedExtensions.marshal()) c.writeRecord(recordTypeHandshake, encryptedExtensions.marshal())