Actually check that the message has the expected type in DTLS.

That might be a reasonable check to make, maybe.

DTLS handshake message reading has a ton of other bugs and needs a complete
rewrite. But let's fix this and get a test in now.

Change-Id: I4981fc302feb9125908bb6161ed1a18288c39e2b
Reviewed-by: Adam Langley <>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index e8df1aa..b505c8f 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -625,6 +625,10 @@
 	// SendInvalidRecordType, if true, causes a record with an invalid
 	// content type to be sent immediately following the handshake.
 	SendInvalidRecordType bool
+	// WrongCertificateMessageType, if true, causes Certificate message to
+	// be sent with the wrong message type.
+	WrongCertificateMessageType bool
 func (c *Config) serverInit() {