} else {
			serverConfig.Certificates[0].Certificate = [][]byte{testRSACertificate}
			serverConfig.Certificates[0].PrivateKey = testRSAPrivateKey
		}
		serverConfig.BuildNameToCertificate()
		t.Run(fmt.Sprintf("suite=%#x", id), func(t *testing.T) {
			clientHello := &clientHelloMsg{
				vers:               VersionTLS12,
				random:             make([]byte, 32),

			},
			{
				Certificate: [][]byte{fromHex(certWildcardExampleCom)},
			},
			{
				Certificate: [][]byte{fromHex(certFooExampleCom)},
			},
		},
	}

	config.BuildNameToCertificate()

	pointerToIndex := func(c *Certificate) int {
		for i := range config.Certificates {
			if c == &config.Certificates[i] {
				return i
			}
		}
		return -1
	}

	serverConfig.Certificates = make([]Certificate, 1)
	serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate}
	serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey
	serverConfig.BuildNameToCertificate()
	// First test that it *does* work when the server's key is ECDSA.
	testClientHello(t, serverConfig, clientHello)

	// Now test that switching to an RSA key causes the expected error (and

	testConfig.Certificates[0].PrivateKey = testRSAPrivateKey
	testConfig.Certificates[1].Certificate = [][]byte{testSNICertificate}
	testConfig.Certificates[1].PrivateKey = testRSAPrivateKey
	testConfig.BuildNameToCertificate()
	if *keyFile != "" {
		f, err := os.OpenFile(*keyFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
		if err != nil {
			panic("failed to open -keylog file: " + err.Error())
		}
		testConfig.KeyLogWriter = f

	}
	config := testConfig.Clone()
	config.Certificates = []Certificate{c0, c1}

	config.BuildNameToCertificate()
	got := config.Certificates
	want := []Certificate{c0, c1}
	if !reflect.DeepEqual(got, want) {
		t.Fatalf("Certificates were mutated by BuildNameToCertificate\nGot: %#v\nWant: %#v\n", got, want)
	}
}

		for _, ca := range cri.AcceptableCAs {
			if bytes.Equal(x509Cert.RawIssuer, ca) {
				return nil
			}
		}
	}
	return errors.New("chain is not signed by an acceptable CA")
}

// BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate
// from the CommonName and SubjectAlternateName fields of each of the leaf
// certificates.
//

		{"(*ClientHelloInfo).Context", Method, 17},
		{"(*ClientHelloInfo).SupportsCertificate", Method, 14},
		{"(*ClientSessionState).ResumptionState", Method, 21},
		{"(*Config).BuildNameToCertificate", Method, 0},
		{"(*Config).Clone", Method, 8},
		{"(*Config).DecryptTicket", Method, 21},
		{"(*Config).EncryptTicket", Method, 21},
		{"(*Config).SetSessionTicketKeys", Method, 5},

pkg compress/flate, type WriteError //deprecated
pkg crypto/rc4, method (*Cipher) Reset //deprecated
pkg crypto/tls, const VersionSSL30 //deprecated
pkg crypto/tls, method (*Config) BuildNameToCertificate //deprecated
pkg crypto/tls, type Config struct, NameToCertificate //deprecated
pkg crypto/tls, type Config struct, SessionTicketKey //deprecated

pkg crypto/tls, func NewListener(net.Listener, *Config) net.Listener
pkg crypto/tls, func Server(net.Conn, *Config) *Conn
pkg crypto/tls, func X509KeyPair([]uint8, []uint8) (Certificate, error)
pkg crypto/tls, method (*Config) BuildNameToCertificate()
pkg crypto/tls, method (*Conn) Close() error
pkg crypto/tls, method (*Conn) ConnectionState() ConnectionState
pkg crypto/tls, method (*Conn) Handshake() error
pkg crypto/tls, method (*Conn) LocalAddr() net.Addr