BoGo is the TLS test suite for boringssl, which we run against rustls as well.
You will need golang installed
$ cd bogo # from rustls repo root
$ BOGO_SHIM_PROVIDER=aws-lc-rs ./runme$ cd bogo # from rustls repo root
$ ./runme -test "Foo;Bar" # where Foo and Bar are test names like EarlyData-Server-BadFinished-TLS13When updating the BoGo suite it's expected that new failures will emerge. There are often two major categories to diagnose:
Often the upstream will change expected error outputs (e.g. changing from
:DECODE_ERROR: to :NO_CERTS:). The bogo_shim handle_err
function is responsible for mapping errors in combination with the ErrorMap
and TestErrorMap data in config.json. These will typically
need updating for new error outputs or changes in error outputs.
When the upstream test suite adds new options that aren't handled by Rustls the
bogo_shim's main fn can be updated to signal NYI
(not-yet-implemented) for the unhandled options. See the // Not implemented things switch near the end of the function definition.
Use your best judgement to decide whether there should be a Rustls issue filed to consider implementing the option in question.