Explicitly handle empty NewSessionTickets on the client.

RFC 5077 explicitly allows the server to change its mind and send no
ticket by sending an empty NewSessionTicket. See also upstream's

CBS_stow handles this case somewhat, so we won't get confused about
malloc(0) as upstream did. But we'll still fill in a bogus SHA-256
session ID, cache the session, and send a ClientHello with bogus session
ID but empty ticket extension. (The session ID field changes meaning
significantly when the ticket is or isn't empty. Non-empty means "ignore
the session ID, but echo if it resuming" while empty means "I support
tickets, but am offering this session ID".

The other behavior change is that a server which changes its mind on a
resumption handshake will no longer override the client's session cache
with a ticket-less session.

(This is kind of silly. Given that we don't get completely confused due
to CBS_stow, it might not be worth bothering with the rest. Mostly it
bugged me that we send an indicator session ID with no ticket.)

Change-Id: Id6b5bde1fe51aa3e1f453a948e59bfd1e2502db6
Reviewed-on: https://boringssl-review.googlesource.com/6340
Reviewed-by: Adam Langley <alangley@gmail.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 189854e..01813f9 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -1971,6 +1971,18 @@
 			// does not fail.
 			expectMessageDropped: true,
+		{
+			name: "SendEmptySessionTicket",
+			config: Config{
+				Bugs: ProtocolBugs{
+					SendEmptySessionTicket: true,
+					FailIfSessionOffered:   true,
+				},
+			},
+			flags:                []string{"-expect-no-session"},
+			resumeSession:        true,
+			expectResumeRejected: true,
+		},
 	testCases = append(testCases, basicTests...)