diff --git a/bogo/bogo_shim.rs b/bogo/bogo_shim.rs index fa5072b..aa33909 100644 --- a/bogo/bogo_shim.rs +++ b/bogo/bogo_shim.rs @@ -37,13 +37,13 @@ extern crate env_logger; extern crate libc; extern crate mesalink_internals; +use mesalink_internals::ssl::err::ErrorCode; +use mesalink_internals::ssl::{err, ssl}; use std::env; -use std::process; -use std::net; -use std::io::Write; use std::ffi::CString; -use mesalink_internals::ssl::{err, ssl}; -use mesalink_internals::ssl::err::ErrorCode; +use std::io::Write; +use std::net; +use std::process; static BOGO_NACK: i32 = 89; @@ -99,7 +99,9 @@ impl Options { } fn tls13_supported(&self) -> bool { - self.support_tls13 && (self.version_allowed(0x0304) || self.version_allowed(0x7f12)) + self.support_tls13 + && (self.version_allowed(0x0304) || self.version_allowed(0x7f16) + || self.version_allowed(0x7f17)) } fn tls12_supported(&self) -> bool { @@ -445,6 +447,7 @@ fn main() { "-no-tls11" | "-no-tls1" | "-no-ssl3" | + "-handoff" | "-decline-alpn" | "-expect-no-session" | "-expect-session-miss" | diff --git a/bogo/config.json b/bogo/config.json index 25ab2e1..df9ea29 100644 --- a/bogo/config.json +++ b/bogo/config.json @@ -9,12 +9,15 @@ "*-TLS11": "", "ConflictingVersionNegotiation": "", "SendFallbackSCSV": "fallback scsv not implemented", - "VersionNegotiation-*-TLS13Draft22-TLS13Experiment2": "no old drafts", + "VersionNegotiation-*-TLS13Draft23-TLS13Experiment2": "no old drafts", "PointFormat-Server-Missing": "we require ecc", "ECDSAKeyUsage-*": "TODO: we don't do anything with key usages", "CheckRecordVersion-*": "we don't look at record version", "TLS13-WrongOuterRecord": "we're lax on this", "*DTLS*": "not supported", + "TokenBinding-*": "not supported", + "QUICTransportParams-*": "not supported", + "DummyPQPadding-*": "not supported", "MTU*": "dtls only", "DisableEverything": "not useful", "SendEmptyRecords": "non-standard openssl/boringssl behaviour", @@ -23,10 +26,13 @@ "SendWarningAlerts-*": "", "LargeMessage-Reject": "", "Peek-*": "", - "SendHelloRetryRequest-2-TLS13Draft22": "we accept any supported keyshare", + "SendHelloRetryRequest-2-TLS13Draft23": "we accept any supported keyshare", "OmitExtensions-ServerHello-TLS12": "bug in bogo if sct offered", "EmptyExtensions-ServerHello-TLS12": "", "CBCRecordSplitting*": "insane ciphersuites", + "*-Split": "", + "EchoTLS13CompatibilitySessionID": "", + "SendHelloRetryRequest-2-TLS13Draft23": "we accept any supported keyshare", "*CBCPadding*": "", "RSAEphemeralKey": "", "BadRSAClientKeyExchange-*": "", @@ -37,12 +43,15 @@ "*-AES256-SHA*": "", "*-ECDSA-SHA1-*": "no ecdsa-sha1", "*-Sign-RSA-PKCS1-SHA1-*": "no sha1", + "*-P-224-*": "no p224", "*-P521-*": "no p521", - "*-P-521": "", - "*-P-224": "no p224", - "*-P-224-*": "", - "CurveTest-Client-P-521-TLS13": "", - "CurveTest-Server-P-521-TLS13": "", + "CurveTest-Client-P-521-TLS12": "", + "CurveTest-Server-P-521-TLS12": "", + "CurveTest-Client-Compressed-P-521-TLS12": "", + "CurveTest-Server-Compressed-P-521-TLS12": "", + "CurveTest-Client-P-521-TLS13Draft23": "", + "CurveTest-Server-P-521-TLS13Draft23": "", + "CurveTest-*-Compressed-*": "", "*-Ed25519": "no ed25519 yet", "*-Ed25519-*": "", "GREASE-*": "not implemented", @@ -124,9 +133,9 @@ "TrailingMessageData-TLS13-ServerFinished": ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", "TrailingMessageData-TLS13-ClientCertificate": ":BAD_HANDSHAKE_MSG:", "TrailingMessageData-TLS13-ClientCertificateVerify": ":BAD_HANDSHAKE_MSG:", - "MissingKeyShare-Client-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "MissingKeyShare-Server-TLS13Draft22": ":INCOMPATIBLE:", - "EmptyEncryptedExtensions-TLS13Draft22": ":BAD_HANDSHAKE_MSG:", + "MissingKeyShare-Client-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "MissingKeyShare-Server-TLS13Draft23": ":INCOMPATIBLE:", + "EmptyEncryptedExtensions-TLS13Draft23": ":BAD_HANDSHAKE_MSG:", "NoSupportedCurves": ":INCOMPATIBLE:", "BadECDHECurve": ":PEER_MISBEHAVIOUR:", "VersionTooLow": ":INCOMPATIBLE:", @@ -146,51 +155,51 @@ "NoNullCompression-TLS12": ":INCOMPATIBLE:", "NoNullCompression-TLS13": ":INCOMPATIBLE:", "InvalidCompressionMethod": ":PEER_MISBEHAVIOUR:", - "TLS13Draft22-InvalidCompressionMethod": ":PEER_MISBEHAVIOUR:", - "TLS13Draft22-AES128-GCM-server": ":INCOMPATIBLE:", - "TLS13Draft22-AES128-GCM-client": ":PEER_MISBEHAVIOUR:", - "TLS13Draft22-AES256-GCM-server": ":INCOMPATIBLE:", - "TLS13Draft22-AES256-GCM-client": ":PEER_MISBEHAVIOUR:", - "TLS13Draft22-ECDHE-ECDSA-AES128-GCM-client": ":PEER_MISBEHAVIOUR:", - "TLS13Draft22-ECDHE-ECDSA-AES256-GCM-client": ":PEER_MISBEHAVIOUR:", - "TLS13Draft22-ECDHE-ECDSA-CHACHA20-POLY1305-client": ":PEER_MISBEHAVIOUR:", - "TLS13Draft22-ECDHE-RSA-AES128-GCM-server": ":INCOMPATIBLE:", - "TLS13Draft22-ECDHE-RSA-AES128-GCM-client": ":PEER_MISBEHAVIOUR:", - "TLS13Draft22-ECDHE-RSA-AES256-GCM-server": ":INCOMPATIBLE:", - "TLS13Draft22-ECDHE-RSA-AES256-GCM-client": ":PEER_MISBEHAVIOUR:", - "TLS13Draft22-ECDHE-RSA-CHACHA20-POLY1305-server": ":INCOMPATIBLE:", - "TLS13Draft22-ECDHE-RSA-CHACHA20-POLY1305-client": ":PEER_MISBEHAVIOUR:", + "TLS13Draft23-InvalidCompressionMethod": ":PEER_MISBEHAVIOUR:", + "TLS13Draft23-AES128-GCM-server": ":INCOMPATIBLE:", + "TLS13Draft23-AES128-GCM-client": ":PEER_MISBEHAVIOUR:", + "TLS13Draft23-AES256-GCM-server": ":INCOMPATIBLE:", + "TLS13Draft23-AES256-GCM-client": ":PEER_MISBEHAVIOUR:", + "TLS13Draft23-ECDHE-ECDSA-AES128-GCM-client": ":PEER_MISBEHAVIOUR:", + "TLS13Draft23-ECDHE-ECDSA-AES256-GCM-client": ":PEER_MISBEHAVIOUR:", + "TLS13Draft23-ECDHE-ECDSA-CHACHA20-POLY1305-client": ":PEER_MISBEHAVIOUR:", + "TLS13Draft23-ECDHE-RSA-AES128-GCM-server": ":INCOMPATIBLE:", + "TLS13Draft23-ECDHE-RSA-AES128-GCM-client": ":PEER_MISBEHAVIOUR:", + "TLS13Draft23-ECDHE-RSA-AES256-GCM-server": ":INCOMPATIBLE:", + "TLS13Draft23-ECDHE-RSA-AES256-GCM-client": ":PEER_MISBEHAVIOUR:", + "TLS13Draft23-ECDHE-RSA-CHACHA20-POLY1305-server": ":INCOMPATIBLE:", + "TLS13Draft23-ECDHE-RSA-CHACHA20-POLY1305-client": ":PEER_MISBEHAVIOUR:", "TLS12-AEAD-CHACHA20-POLY1305-server": ":INCOMPATIBLE:", "TLS12-AEAD-CHACHA20-POLY1305-client": ":PEER_MISBEHAVIOUR:", "TLS12-AEAD-AES128-GCM-SHA256-server": ":INCOMPATIBLE:", "TLS12-AEAD-AES128-GCM-SHA256-client": ":PEER_MISBEHAVIOUR:", "TLS12-AEAD-AES256-GCM-SHA384-server": ":INCOMPATIBLE:", "TLS12-AEAD-AES256-GCM-SHA384-client": ":PEER_MISBEHAVIOUR:", - "SkipHelloRetryRequest-TLS13Draft22": ":PEER_MISBEHAVIOUR:", + "SkipHelloRetryRequest-TLS13Draft23": ":PEER_MISBEHAVIOUR:", "NoSupportedVersions": ":INCOMPATIBLE:", - "ClientAuth-Verify-RSA-PKCS1-SHA1-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "ServerAuth-Verify-RSA-PKCS1-SHA1-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "ClientAuth-Verify-RSA-PKCS1-SHA256-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "ServerAuth-Verify-RSA-PKCS1-SHA256-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "ClientAuth-Verify-RSA-PKCS1-SHA384-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "ServerAuth-Verify-RSA-PKCS1-SHA384-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "ClientAuth-Verify-RSA-PKCS1-SHA512-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "ServerAuth-Verify-RSA-PKCS1-SHA512-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "ServerAuth-Sign-RSA-PKCS1-SHA256-TLS13Draft22": ":INCOMPATIBLE:", - "ServerAuth-Sign-RSA-PKCS1-SHA384-TLS13Draft22": ":INCOMPATIBLE:", - "ServerAuth-Sign-RSA-PKCS1-SHA512-TLS13Draft22": ":INCOMPATIBLE:", - "ClientAuth-Sign-RSA-PKCS1-SHA256-TLS13Draft22": ":INCOMPATIBLE:", - "ClientAuth-Sign-RSA-PKCS1-SHA384-TLS13Draft22": ":INCOMPATIBLE:", - "ClientAuth-Sign-RSA-PKCS1-SHA512-TLS13Draft22": ":INCOMPATIBLE:", - "ALPNClient-EmptyProtocolName-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "ALPNServer-EmptyProtocolName-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "ALPNClient-RejectUnknown-TLS13Draft22": ":PEER_MISBEHAVIOUR:", + "ClientAuth-Verify-RSA-PKCS1-SHA1-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "ServerAuth-Verify-RSA-PKCS1-SHA1-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "ClientAuth-Verify-RSA-PKCS1-SHA256-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "ServerAuth-Verify-RSA-PKCS1-SHA256-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "ClientAuth-Verify-RSA-PKCS1-SHA384-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "ServerAuth-Verify-RSA-PKCS1-SHA384-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "ClientAuth-Verify-RSA-PKCS1-SHA512-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "ServerAuth-Verify-RSA-PKCS1-SHA512-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "ServerAuth-Sign-RSA-PKCS1-SHA256-TLS13Draft23": ":INCOMPATIBLE:", + "ServerAuth-Sign-RSA-PKCS1-SHA384-TLS13Draft23": ":INCOMPATIBLE:", + "ServerAuth-Sign-RSA-PKCS1-SHA512-TLS13Draft23": ":INCOMPATIBLE:", + "ClientAuth-Sign-RSA-PKCS1-SHA256-TLS13Draft23": ":INCOMPATIBLE:", + "ClientAuth-Sign-RSA-PKCS1-SHA384-TLS13Draft23": ":INCOMPATIBLE:", + "ClientAuth-Sign-RSA-PKCS1-SHA512-TLS13Draft23": ":INCOMPATIBLE:", + "ALPNClient-EmptyProtocolName-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "ALPNServer-EmptyProtocolName-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "ALPNClient-RejectUnknown-TLS13Draft23": ":PEER_MISBEHAVIOUR:", "ClientAuth-NoFallback-TLS13": ":INCOMPATIBLE:", "ServerAuth-NoFallback-TLS13": ":INCOMPATIBLE:", "ClientAuth-Enforced-TLS13": ":PEER_MISBEHAVIOUR:", "ServerAuth-Enforced-TLS13": ":PEER_MISBEHAVIOUR:", - "SecondClientHelloWrongCurve-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "SecondClientHelloMissingKeyShare-TLS13Draft22": ":INCOMPATIBLE:", + "SecondClientHelloWrongCurve-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "SecondClientHelloMissingKeyShare-TLS13Draft23": ":INCOMPATIBLE:", "Resume-Server-BinderWrongLength": ":PEER_MISBEHAVIOUR:", "Resume-Server-NoPSKBinder": ":PEER_MISBEHAVIOUR:", "Resume-Server-ExtraPSKBinder": ":PEER_MISBEHAVIOUR:", @@ -201,61 +210,61 @@ "Resume-Server-UnofferedCipher-TLS13": ":PEER_MISBEHAVIOUR:", "Resume-Client-CipherMismatch-TLS13": ":PEER_MISBEHAVIOUR:", "Resume-Client-PRFMismatch-TLS13": ":PEER_MISBEHAVIOUR:", - "Resume-Client-Mismatch-TLS12-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "Resume-Client-Mismatch-TLS13Draft22-TLS12": ":PEER_MISBEHAVIOUR:", + "Resume-Client-Mismatch-TLS12-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "Resume-Client-Mismatch-TLS13Draft23-TLS12": ":PEER_MISBEHAVIOUR:", "NoSupportedCurves-TLS13": ":INCOMPATIBLE:", "BadECDHECurve-TLS13": ":PEER_MISBEHAVIOUR:", "InvalidECDHPoint-Client-TLS13": ":PEER_MISBEHAVIOUR:", "InvalidECDHPoint-Server-TLS13": ":PEER_MISBEHAVIOUR:", - "InvalidPSKIdentity-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "AlwaysSelectPSKIdentity-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "TrailingKeyShareData-TLS13Draft22": ":BAD_HANDSHAKE_MSG:", - "HelloRetryRequestCurveMismatch-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "HelloRetryRequestVersionMismatch-TLS13Draft22": ":BAD_HANDSHAKE_MSG:", - "HelloRetryRequest-DuplicateCookie-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "HelloRetryRequest-DuplicateCurve-TLS13Draft22": ":PEER_MISBEHAVIOUR:", + "InvalidPSKIdentity-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "AlwaysSelectPSKIdentity-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "TrailingKeyShareData-TLS13Draft23": ":BAD_HANDSHAKE_MSG:", + "HelloRetryRequestCurveMismatch-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "HelloRetryRequestVersionMismatch-TLS13Draft23": ":BAD_HANDSHAKE_MSG:", + "HelloRetryRequest-DuplicateCookie-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "HelloRetryRequest-DuplicateCurve-TLS13Draft23": ":PEER_MISBEHAVIOUR:", "UnknownUnencryptedExtension-Client-TLS13": ":PEER_MISBEHAVIOUR:", "UnexpectedUnencryptedExtension-Client-TLS13": ":PEER_MISBEHAVIOUR:", "UnofferedExtension-Client-TLS13": ":PEER_MISBEHAVIOUR:", "RenegotiationInfo-Forbidden-TLS13": ":PEER_MISBEHAVIOUR:", "UnknownExtension-Client-TLS13": ":PEER_MISBEHAVIOUR:", - "RequestContextInHandshake-TLS13Draft22": ":BAD_HANDSHAKE_MSG:", - "UnnecessaryHelloRetryRequest-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "UnknownCurve-HelloRetryRequest-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "DisabledCurve-HelloRetryRequest-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "HelloRetryRequest-Empty-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "HelloRetryRequest-EmptyCookie-TLS13Draft22": ":PEER_MISBEHAVIOUR:", - "HelloRetryRequest-Unknown-TLS13Draft22": ":INCOMPATIBLE:", - "MinimumVersion-Client-TLS13Draft22-TLS12": ":INCOMPATIBLE:", - "MinimumVersion-Client2-TLS13Draft22-TLS12": ":INCOMPATIBLE:", - "MinimumVersion-Server-TLS13Draft22-TLS12": ":INCOMPATIBLE:", - "MinimumVersion-Server2-TLS13Draft22-TLS12": ":INCOMPATIBLE:", - "DuplicateKeyShares-TLS13Draft22": ":PEER_MISBEHAVIOUR:", + "RequestContextInHandshake-TLS13Draft23": ":BAD_HANDSHAKE_MSG:", + "UnnecessaryHelloRetryRequest-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "UnknownCurve-HelloRetryRequest-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "DisabledCurve-HelloRetryRequest-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "HelloRetryRequest-Empty-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "HelloRetryRequest-EmptyCookie-TLS13Draft23": ":PEER_MISBEHAVIOUR:", + "HelloRetryRequest-Unknown-TLS13Draft23": ":INCOMPATIBLE:", + "MinimumVersion-Client-TLS13Draft23-TLS12": ":INCOMPATIBLE:", + "MinimumVersion-Client2-TLS13Draft23-TLS12": ":INCOMPATIBLE:", + "MinimumVersion-Server-TLS13Draft23-TLS12": ":INCOMPATIBLE:", + "MinimumVersion-Server2-TLS13Draft23-TLS12": ":INCOMPATIBLE:", + "DuplicateKeyShares-TLS13Draft23": ":PEER_MISBEHAVIOUR:", "PartialEncryptedExtensionsWithServerHello": ":PEER_MISBEHAVIOUR:", "PartialClientFinishedWithClientHello": ":PEER_MISBEHAVIOUR:", "PointFormat-EncryptedExtensions-TLS13": ":PEER_MISBEHAVIOUR:", "Ticket-Forbidden-TLS13": ":PEER_MISBEHAVIOUR:", "PointFormat-Server-MissingUncompressed": ":INCOMPATIBLE:", - "MissingSignatureAlgorithmsInCertificateRequest-TLS13Draft22": ":INCOMPATIBLE:", - "NegotiatePSKResumption-TLS13Draft22": ":PEER_MISBEHAVIOUR:", + "MissingSignatureAlgorithmsInCertificateRequest-TLS13Draft23": ":INCOMPATIBLE:", + "NegotiatePSKResumption-TLS13Draft23": ":PEER_MISBEHAVIOUR:", "PointFormat-Client-MissingUncompressed": ":PEER_MISBEHAVIOUR:", "SendUnsolicitedOCSPOnCertificate-TLS13": ":PEER_MISBEHAVIOUR:", "SendUnsolicitedSCTOnCertificate-TLS13": ":PEER_MISBEHAVIOUR:", "UnsolicitedServerNameAck-TLS12": ":PEER_MISBEHAVIOUR:", - "UnsolicitedServerNameAck-TLS13Draft22": ":PEER_MISBEHAVIOUR:", + "UnsolicitedServerNameAck-TLS13Draft23": ":PEER_MISBEHAVIOUR:", "TicketSessionIDLength-33-TLS12": ":BAD_HANDSHAKE_MSG:", "Ed25519DefaultDisable-NoAccept": ":PEER_MISBEHAVIOUR:", "SendUnknownExtensionOnCertificate-TLS13": ":PEER_MISBEHAVIOUR:", "SendDuplicateExtensionsOnCerts-TLS13": ":PEER_MISBEHAVIOUR:", "SignedCertificateTimestampListEmpty-Client-TLS12": ":PEER_MISBEHAVIOUR:", - "SignedCertificateTimestampListEmpty-Client-TLS13Draft22": ":PEER_MISBEHAVIOUR:", + "SignedCertificateTimestampListEmpty-Client-TLS13Draft23": ":PEER_MISBEHAVIOUR:", "SignedCertificateTimestampListEmptySCT-Client-TLS12": ":PEER_MISBEHAVIOUR:", - "SignedCertificateTimestampListEmptySCT-Client-TLS13Draft22": ":PEER_MISBEHAVIOUR:", + "SignedCertificateTimestampListEmptySCT-Client-TLS13Draft23": ":PEER_MISBEHAVIOUR:", "EMS-Forbidden-TLS13": ":PEER_MISBEHAVIOUR:", "Unclean-Shutdown": ":CLOSE_WITHOUT_CLOSE_NOTIFY:", "SendExtensionOnClientCertificate-TLS13": ":PEER_MISBEHAVIOUR:", "SendBogusAlertType": ":BAD_ALERT:", - "TLS13Draft22-HRR-InvalidCompressionMethod": ":BAD_HANDSHAKE_MSG:", + "TLS13Draft23-HRR-InvalidCompressionMethod": ":BAD_HANDSHAKE_MSG:", "CertificateCipherMismatch-RSA": ":PEER_MISBEHAVIOUR:", "CertificateCipherMismatch-ECDSA": ":PEER_MISBEHAVIOUR:", "ServerCipherFilter-RSA": ":INCOMPATIBLE:", @@ -263,8 +272,8 @@ "TLS13-OnlyPadding": ":PEER_MISBEHAVIOUR:", "TLS13-EmptyRecords": ":PEER_MISBEHAVIOUR:", "SupportedVersionSelection-TLS12": ":PEER_MISBEHAVIOUR:", - "HelloRetryRequestVersionMismatch-TLS13Draft22": ":INCOMPATIBLE:", - "HelloRetryRequest-CipherChange-TLS13Draft22": ":PEER_MISBEHAVIOUR:", + "HelloRetryRequestVersionMismatch-TLS13Draft23": ":INCOMPATIBLE:", + "HelloRetryRequest-CipherChange-TLS13Draft23": ":PEER_MISBEHAVIOUR:", "ExtendedMasterSecret-NoToYes-Client": ":PEER_MISBEHAVIOUR:", "ExtendedMasterSecret-YesToNo-Server": ":PEER_MISBEHAVIOUR:", "ExtendedMasterSecret-YesToNo-Client": ":PEER_MISBEHAVIOUR:" @@ -272,6 +281,6 @@ "TestLocalErrorMap": { "SendServerHelloAsHelloRetryRequest": "remote error: error decoding message", "GarbageCertificate-Server-TLS12": "remote error: access denied", - "GarbageCertificate-Server-TLS13Draft22": "remote error: access denied" + "GarbageCertificate-Server-TLS13Draft23": "remote error: access denied" } } diff --git a/bogo/fetch-and-build b/bogo/fetch-and-build index 5578d19..042919c 100755 --- a/bogo/fetch-and-build +++ b/bogo/fetch-and-build @@ -1,10 +1,10 @@ # ISC License (ISC) # Copyright (c) 2016, Joseph Birr-Pixton -# +# # Permission to use, copy, modify, and/or distribute this software for # any purpose with or without fee is hereby granted, provided that the # above copyright notice and this permission notice appear in all copies. -# +# # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL # WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED # WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE @@ -19,7 +19,7 @@ set -e # a known-good commit -COMMIT=0a54e998481b0b5a8abd9717c5f7301a3b18b628 +COMMIT=8a1a5daa490ee95be6ba1a5e076c2589977d057a rm -f runner.tar.gz wget https://boringssl.googlesource.com/boringssl/+archive/$COMMIT/ssl/test/runner.tar.gz diff --git a/bogo/patches/testerrormap.diff b/bogo/patches/testerrormap.diff index ad8ac39..50d0ef8 100644 --- a/bogo/patches/testerrormap.diff +++ b/bogo/patches/testerrormap.diff @@ -1,10 +1,10 @@ # ISC License (ISC) # Copyright (c) 2016, Joseph Birr-Pixton -# +# # Permission to use, copy, modify, and/or distribute this software for # any purpose with or without fee is hereby granted, provided that the # above copyright notice and this permission notice appear in all copies. -# +# # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL # WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED # WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE @@ -20,7 +20,7 @@ diff -ru original/runner.go bogo/runner.go @@ -83,6 +83,14 @@ // like “SSL_ERROR_NO_CYPHER_OVERLAP”. ErrorMap map[string]string - + + // TestErrorMap maps from full test names to the correct error + // string for the shim in question. + TestErrorMap map[string]string @@ -35,7 +35,7 @@ diff -ru original/runner.go bogo/runner.go @@ -939,7 +947,11 @@ } } - + -func translateExpectedError(errorStr string) string { +func translateExpectedError(testName string, errorStr string) string { + if translated, ok := shimConfig.TestErrorMap[testName]; ok { @@ -48,7 +48,7 @@ diff -ru original/runner.go bogo/runner.go @@ -951,6 +963,14 @@ return errorStr } - + +func translateExpectedLocalError(testName string, localError string) string { + if translated, ok := shimConfig.TestLocalErrorMap[testName]; ok { + return translated @@ -62,12 +62,12 @@ diff -ru original/runner.go bogo/runner.go defer func() { @@ -1215,15 +1235,16 @@ } - + failed := err != nil || childErr != nil - expectedError := translateExpectedError(test.expectedError) + expectedError := translateExpectedError(test.name, test.expectedError) correctFailure := len(expectedError) == 0 || strings.Contains(stderr, expectedError) - + + var expectedLocalError = translateExpectedLocalError(test.name, test.expectedLocalError) localError := "none" if err != nil { @@ -78,5 +78,5 @@ diff -ru original/runner.go bogo/runner.go + if len(expectedLocalError) != 0 { + correctFailure = correctFailure && strings.Contains(localError, expectedLocalError) } - - if failed != test.shouldFail || failed && !correctFailure || mustFail { + + if failed != test.shouldFail || failed && !correctFailure || mustFail { \ No newline at end of file