Don't put sessions from renegotiations in the cache.

Rather than rely on Chromium to query SSL_initial_handshake_complete in the
callback (which didn't work anyway because the callback is called afterwards),
move the logic into BoringSSL. BoringSSL already enforces that clients never
offer resumptions on renegotiation (it wouldn't work well anyway as client
session cache lookup is external), so it's reasonable to also implement
in-library that sessions established on a renegotiation are not cached.

Add a bunch of tests that new_session_cb is called when expected.

BUG=501418

Change-Id: I42d44c82b043af72b60a0f8fdb57799e20f13ed5
Reviewed-on: https://boringssl-review.googlesource.com/5171
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index a7fee64..6571c2e 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -531,11 +531,16 @@
         /* Remove write buffering now. */
         ssl_free_wbio_buffer(s);
 
+        const int is_initial_handshake = !s->s3->initial_handshake_complete;
+
         s->init_num = 0;
         s->s3->tmp.in_false_start = 0;
         s->s3->initial_handshake_complete = 1;
 
-        ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+        if (is_initial_handshake) {
+          /* Renegotiations do not participate in session resumption. */
+          ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+        }
 
         ret = 1;
         /* s->server=0; */