crypto/tls: add support for -reject-alpn and -decline-alpn flags to bogo_shim_test

The existing implementation of bogo_shim_test does not support tests
which use the reject-alpn or the decline-alpn flag.
This change adds support for these flags in bogo_shim_test.

Updates #51434
Updates #46310

Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest
Change-Id: I3ff23ff4edd8f4c6c37ee6c9f2ee4689066c4e00
Reviewed-on: https://go-review.googlesource.com/c/go/+/592198
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

src/crypto/tls/bogo_shim_test.go

@@ -75,6 +75,8 @@ var (
 
 	advertiseALPN = flag.String("advertise-alpn", "", "")
 	expectALPN    = flag.String("expect-alpn", "", "")
+	rejectALPN    = flag.Bool("reject-alpn", false, "")
+	declineALPN   = flag.Bool("decline-alpn", false, "")
 
 	hostName = flag.String("host-name", "", "")
 
@@ -126,6 +128,14 @@ func bogoShim() {
 		}
 	}
 
+	if *rejectALPN {
+		cfg.NextProtos = []string{"unnegotiableprotocol"}
+	}
+
+	if *declineALPN {
+		cfg.NextProtos = []string{}
+	}
+
 	if *hostName != "" {
 		cfg.ServerName = *hostName
 	}
@@ -256,6 +266,9 @@ func bogoShim() {
 			if *expectVersion != 0 && cs.Version != uint16(*expectVersion) {
 				log.Fatalf("expected ssl version %q, got %q", uint16(*expectVersion), cs.Version)
 			}
+			if *declineALPN && cs.NegotiatedProtocol != "" {
+				log.Fatal("unexpected ALPN protocol")
+			}
 			if *expectECHAccepted && !cs.ECHAccepted {
 				log.Fatal("expected ECH to be accepted, but connection state shows it was not")
 			} else if i == 0 && *onInitialExpectECHAccepted && !cs.ECHAccepted {