Work around rustls RawPublicKey bug

Closes #3616

src/waltz/tls/fd_tls.c

@@ -985,8 +985,6 @@ fd_tls_client_hs_start( fd_tls_t const * const      client,
       .signature_algorithms = { .ed25519=1 },
       .cipher_suites        = { .aes_128_gcm_sha256=1 },
       .key_share            = { .has_x25519=1 },
-      .server_cert_types    = { .x509=!!client->cert_x509_sz, .raw_pubkey=1 },
-      .client_cert_types    = { .x509=!!client->cert_x509_sz, .raw_pubkey=1 },
       .quic_tp = {
         .buf   = (quic_tp_sz>=0L) ? quic_tp            : NULL,
         .bufsz = (quic_tp_sz>=0L) ? (ushort)quic_tp_sz : 0,

src/waltz/tls/fd_tls_proto.c

@@ -247,32 +247,6 @@ fd_tls_encode_client_hello( fd_tls_client_hello_t const * in,
 # undef FIELDS
   }
 
-  /* Add certificate types */
-
-  uchar  cert_type_srv[2]            = { FD_TLS_CERTTYPE_RAW_PUBKEY, FD_TLS_CERTTYPE_X509 };
-  ulong  cert_type_srv_cnt           = 1 + (!!in->server_cert_types.x509);
-  ushort cert_type_srv_list_ext_type = FD_TLS_EXT_SERVER_CERT_TYPE;
-  ushort cert_type_srv_list_ext_sz   = (ushort)(cert_type_srv_cnt+1UL);
-  uchar  cert_type_srv_list_sz       = (uchar ) cert_type_srv_cnt;
-
-  uchar  cert_type_cli[2]            = { FD_TLS_CERTTYPE_RAW_PUBKEY, FD_TLS_CERTTYPE_X509 };
-  ulong  cert_type_cli_cnt           = 1 + (!!in->client_cert_types.x509);
-  ushort cert_type_cli_list_ext_type = FD_TLS_EXT_CLIENT_CERT_TYPE;
-  ushort cert_type_cli_list_ext_sz   = (ushort)(cert_type_cli_cnt+1UL);
-  uchar  cert_type_cli_list_sz       = (uchar ) cert_type_cli_cnt;
-
-# define FIELDS( FIELD ) \
-  FIELD( 0, &cert_type_srv_list_ext_type, ushort, 1                 ); \
-  FIELD( 1, &cert_type_srv_list_ext_sz,   ushort, 1                 ); \
-  FIELD( 2, &cert_type_srv_list_sz,       uchar,  1                 ); \
-  FIELD( 3,  cert_type_srv,               uchar,  cert_type_srv_cnt ); \
-  FIELD( 4, &cert_type_cli_list_ext_type, ushort, 1                 ); \
-  FIELD( 5, &cert_type_cli_list_ext_sz,   ushort, 1                 ); \
-  FIELD( 6, &cert_type_cli_list_sz,       uchar,  1                 ); \
-  FIELD( 7,  cert_type_cli,               uchar,  cert_type_cli_cnt );
-  FD_TLS_ENCODE_STATIC_BATCH( FIELDS )
-# undef FIELDS
-
   *extension_tot_sz = fd_ushort_bswap( (ushort)( (ulong)wire_laddr - extension_start ) );
   return (long)( wire_laddr - (ulong)wire );
 }

src/waltz/tls/test_tls.c

@@ -1,4 +1,5 @@
 #include "fd_tls_proto.h"
+#include "../../ballet/x509/fd_x509_mock.h"
 
 FD_STATIC_ASSERT( sizeof( fd_tls_ext_cert_type_list_t )==1UL, layout );
 FD_STATIC_ASSERT( sizeof( fd_tls_ext_cert_type_t      )==1UL, layout );
@@ -149,7 +150,6 @@ test_tls_server_respond( fd_tls_t *            server,
   while( (rec = test_record_recv( &test_client_out )) ) {
     long res = fd_tls_server_handshake( server, hs, rec->buf, rec->cur, rec->level );
     if( res<0L ) {
-      fd_halt();
       FD_LOG_ERR(( "fd_tls_server_handshake failed (alert %ld-%s; reason %u-%s)",
                    res,             fd_tls_alert_cstr( (uint)-res ),
                    hs->base.reason, fd_tls_reason_cstr( hs->base.reason ) ));
@@ -192,6 +192,11 @@ prepare_tls_pair( fd_rng_t * rng,
   for( ulong b=0; b<32UL; b++ ) client->kex_private_key [b] = fd_rng_uchar( rng );
   fd_memcpy( client->cert_public_key, client_sign_ctx.public_key, 32UL );
 
+  fd_x509_mock_cert( server->cert_x509, server->cert_public_key );
+  server->cert_x509_sz = FD_X509_MOCK_CERT_SZ;
+  fd_x509_mock_cert( client->cert_x509, client->cert_public_key );
+  client->cert_x509_sz = FD_X509_MOCK_CERT_SZ;
+
   fd_x25519_public( server->kex_public_key, server->kex_private_key );
   fd_x25519_public( client->kex_public_key, client->kex_private_key );
 }