Fix various issues in TLS found using BoGo

 - BoGo sends unparseable OCSP responses, so we have to accomodate for
   this by delaying decoding until verification and simply ignoring
   OCSP responses that we can't parse.
 - Check that there is no trailing garbage at the end of various messages.
 - Don't send empty SNI
 - Check the TLS record header versions (previously ignored)
 - For CBC 1/n-1 splitting split every record instead of just first.
   I think this is not a problem but it is what BoGo expects.
 - New Channel::application_protocol virtual (previously was
   implemented on both Client and Server but not shared).
 - Changes to resumption version handling.
 - Fix server version selection when newer versions are disabled.

New policy hooks added in service of BoGo:
 - maximum_certificate_chain_size gives the maximum cert chain in bytes
   that we'll accept.
 - allow_resumption_for_renegotiation specifies if a renegotiation
   attempt can be simply (re-)resumed instead.
 - abort_handshake_on_undesired_renegotiation - previously we just
   ignored it with a warning alert. Now behavior is configurable.
 - request_client_certificate_authentication
 - require_client_certificate_authentication

1 files changed, 3 insertions, 3 deletions

diff --git a/src/tests/data/tls/alert.vec b/src/tests/data/tls/alert.vec
index cd5058212..e58b2cd1e 100644
--- a/src/tests/data/tls/alert.vec
+++ b/src/tests/data/tls/alert.vec
@@ -14,11 +14,11 @@ Exception =
 
 Buffer = 0030
 Protocol = 0303
-Exception = Alert: Bad code for alert level
+Exception = Bad code for TLS alert level
 
 Buffer = 02
-Exception = Alert: Bad size 1 for alert message
+Exception = Bad size (1) for TLS alert message
 
 Buffer = 020101
-Exception = Alert: Bad size 3 for alert message
+Exception = Bad size (3) for TLS alert message