Add tests for bad CertificateVerify signatures.

I don't think we had coverage for this check.

Change-Id: I5e454e69c1ee9f1b9760d2ef1431170d76f78d63
Reviewed-on: https://boringssl-review.googlesource.com/5544
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 1121dac..9fa394f 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -786,6 +786,32 @@
 			expectedError: ":BAD_SIGNATURE:",
 		},
 		{
+			testType: serverTest,
+			name:     "BadRSASignature-ClientAuth",
+			config: Config{
+				Bugs: ProtocolBugs{
+					InvalidCertVerifySignature: true,
+				},
+				Certificates: []Certificate{getRSACertificate()},
+			},
+			shouldFail:    true,
+			expectedError: ":BAD_SIGNATURE:",
+			flags:         []string{"-require-any-client-certificate"},
+		},
+		{
+			testType: serverTest,
+			name:     "BadECDSASignature-ClientAuth",
+			config: Config{
+				Bugs: ProtocolBugs{
+					InvalidCertVerifySignature: true,
+				},
+				Certificates: []Certificate{getECDSACertificate()},
+			},
+			shouldFail:    true,
+			expectedError: ":BAD_SIGNATURE:",
+			flags:         []string{"-require-any-client-certificate"},
+		},
+		{
 			name: "BadECDSACurve",
 			config: Config{
 				CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},