am 07f4f423: Merge changes Icdc56a50,I63d5dc28,Ia7d0c5d8,I47406533

* commit '07f4f42347557420f105a72d9a93bc8ee88a3dc5':
  Handle RDRAND failures.
  dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key.
  Fix for CVE-2015-1789.
  Fixes for CVE-2015-1791.

1 files changed, 14 insertions, 0 deletions

diff --git a/src/ssl/test/bssl_shim.cc b/src/ssl/test/bssl_shim.cc
index 40cb149..3b95d7e 100644
--- a/src/ssl/test/bssl_shim.cc
+++ b/src/ssl/test/bssl_shim.cc
@@ -838,6 +838,20 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx,
         return false;
       }
     }
+
+    if (!config->is_server) {
+      /* Clients should expect a peer certificate chain iff this was not a PSK
+       * cipher suite. */
+      if (config->psk.empty()) {
+        if (SSL_get_peer_cert_chain(ssl.get()) == nullptr) {
+          fprintf(stderr, "Missing peer certificate chain!\n");
+          return false;
+        }
+      } else if (SSL_get_peer_cert_chain(ssl.get()) != nullptr) {
+        fprintf(stderr, "Unexpected peer certificate chain!\n");
+        return false;
+      }
+    }
   }
 
   if (config->export_keying_material > 0) {