Skip the SCT and OCSP extensions in ServerHello when resuming sessions.

SCT and OCSP are part of the session data and as such shouldn't be sent
again to the client when resuming.

Change-Id: Iaee3a3c4c167ea34b91504929e38aadee37da572
Reviewed-on: https://boringssl-review.googlesource.com/5900
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index be2d4cb..039d164 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -216,6 +216,8 @@
 	handshakeHash        []byte              // Handshake hash for Channel ID purposes.
 	serverCertificates   []*x509.Certificate // Certificate chain presented by the server
 	extendedMasterSecret bool                // Whether an extended master secret was used to generate the session
+	sctList              []byte
+	ocspResponse         []byte
 }
 
 // ClientSessionCache is a cache of ClientSessionState objects that can be used
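Review bot: The new `sctList` and `ocspResponse` fields are the only ones in the visible part of this struct without a trailing comment, and their meaning is not obvious from the names. Later hunks in this commit save them from the connection when the session is created and restore them on resumption, while rejecting a ServerHello that sends either extension again. I would record that, for example `sctList []byte // SCT list from the full handshake; restored on resumption, never re-sent` and `ocspResponse []byte // Stapled OCSP response from the full handshake; restored on resumption`. The struct declaration starts outside the hunk.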
diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
index b96ced7..a3ce686 100644
--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -373,10 +373,6 @@
 	copy(c.serverRandom[:], hs.serverHello.random)
 	copy(c.masterSecret[:], hs.masterSecret)
 
-	if len(hs.serverHello.sctList) > 0 {
-		c.sctList = hs.serverHello.sctList
-	}
-
 	return nil
 }
 
@@ -754,13 +750,28 @@
 			return false, errors.New("tls: server resumed session on renegotiation")
 		}
 
+		if hs.serverHello.sctList != nil {
+			return false, errors.New("tls: server sent SCT extension on session resumption")
+		}
+
+		if hs.serverHello.ocspStapling {
+			return false, errors.New("tls: server sent OCSP extension on session resumption")
+		}
+
 		// Restore masterSecret and peerCerts from previous state
 		hs.masterSecret = hs.session.masterSecret
 		c.peerCertificates = hs.session.serverCertificates
 		c.extendedMasterSecret = hs.session.extendedMasterSecret
+		c.sctList = hs.session.sctList
+		c.ocspResponse = hs.session.ocspResponse
 		hs.finishedHash.discardHandshakeBuffer()
 		return true, nil
 	}
+
+	if hs.serverHello.sctList != nil {
+		c.sctList = hs.serverHello.sctList
+	}
+
 	return false, nil
 }
 
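Review bot: The resumption check `hs.serverHello.sctList != nil` tests for nil, whereas the code removed earlier in this file used `len(hs.serverHello.sctList) > 0`. Whether a zero-length SCT extension sent on resumption is rejected therefore depends on how the ServerHello parser fills `sctList`, which is not visible here. If the parser can leave the slice nil for a present-but-empty extension, that case would pass silently; OCSP avoids this because it uses the explicit `ocspStapling` presence flag. Worth confirming and either keying the check on a presence flag or adding a comment such as `// sctList is non-nil whenever the extension was present (see unmarshal)`. The enclosing function begins outside the hunk.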
@@ -807,6 +818,8 @@
 		masterSecret:       hs.masterSecret,
 		handshakeHash:      hs.finishedHash.server.Sum(nil),
 		serverCertificates: c.peerCertificates,
+		sctList:            c.sctList,
+		ocspResponse:       c.ocspResponse,
 	}
 
 	if !hs.serverHello.ticketSupported {
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index a2dc562..819f1ea 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2637,6 +2637,7 @@
 			base64.StdEncoding.EncodeToString(testOCSPResponse),
 			"-verify-peer",
 		},
+		resumeSession: true,
 	})
 
 	tests = append(tests, testCase{
@@ -2647,6 +2648,7 @@
 			"-ocsp-response",
 			base64.StdEncoding.EncodeToString(testOCSPResponse),
 		},
+		resumeSession: true,
 	})
 
 	tests = append(tests, testCase{
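Review bot: Adding `resumeSession: true` here and in the preceding OCSP case exercises the resumed handshake, but no expectation on the OCSP response is visible in either hunk. The SCT server case further down pairs the same flag with `expectedSCTList: testSCTList`. If the runner has no equivalent check, the `c.ocspResponse` value restored from the session in handshake_client.go is never compared against `testOCSPResponse` after resumption, so a regression in the restore path would go unnoticed. Both testCase literals start outside their hunks, so such a field may already be set above; if not, an expectation analogous to `expectedSCTList` would close the gap.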
@@ -3446,6 +3448,7 @@
 			"-expect-signed-cert-timestamps",
 			base64.StdEncoding.EncodeToString(testSCTList),
 		},
+		resumeSession: true,
 	})
 	testCases = append(testCases, testCase{
 		name:     "SignedCertificateTimestampList-Server",
@@ -3455,6 +3458,7 @@
 			base64.StdEncoding.EncodeToString(testSCTList),
 		},
 		expectedSCTList: testSCTList,
+		resumeSession:   true,
 	})
 	testCases = append(testCases, testCase{
 		testType: clientTest,