--- /dev/null
+{
+ "DisabledTests": {
+ "*QUIC*": "No QUIC support",
+ "Compliance-fips*": "No FIPS",
+ "*DTLS*": "No DTLS",
+ "SendEmptyRecords*": "crypto/tls doesn't implement spam protections",
+ "SendWarningAlerts*": "crypto/tls doesn't implement spam protections",
+ "TooManyKeyUpdates": "crypto/tls doesn't implement spam protections (TODO: I think?)",
+ "SkipNewSessionTicket": "TODO confusing? maybe bug",
+ "SendUserCanceledAlerts*": "TODO may be a real bug?",
+ "GREASE-Server-TLS13": "TODO ???",
+ "GarbageCertificate*": "TODO ask davidben, alertDecode vs alertBadCertificate",
+ "SendBogusAlertType": "sending wrong alert type",
+ "EchoTLS13CompatibilitySessionID": "TODO reject compat session ID",
+ "*ECH-Server*": "no ECH server support",
+ "TLS-ECH-Client-UnsolictedHRRExtension": "TODO",
+ "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
+ "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
+ "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
+ "TLS13-HRR-InvalidCompressionMethod": "TODO: first pass, this should be fixed",
+ "InvalidCompressionMethod": "TODO: first pass, this should be fixed",
+ "TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
+ "TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
+ "TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
+ "TLS-TLS12-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
+ "TLS-TLS12-RSA_WITH_AES_256_GCM_SHA384-LargeRecord": "TODO: first pass, this should be fixed",
+ "TLS-TLS1-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
+ "TLS-TLS11-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
+ "TLS-TLS12-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
+ "TLS-TLS12-ECDHE_RSA_WITH_AES_128_CBC_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
+ "RequireAnyClientCertificate-TLS1": "TODO: first pass, this should be fixed",
+ "RequireAnyClientCertificate-TLS11": "TODO: first pass, this should be fixed",
+ "RequireAnyClientCertificate-TLS12": "TODO: first pass, this should be fixed",
+ "ClientHelloVersionTooHigh": "TODO: first pass, this should be fixed",
+ "MinorVersionTolerance": "TODO: first pass, this should be fixed",
+ "IgnoreClientVersionOrder": "TODO: first pass, this should be fixed",
+ "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
+ "MajorVersionTolerance": "TODO: first pass, this should be fixed",
+ "DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
+ "DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed",
+ "UnsolicitedServerNameAck-TLS-TLS1": "TODO: first pass, this should be fixed",
+ "TicketSessionIDLength-33-TLS-TLS1": "TODO: first pass, this should be fixed",
+ "DuplicateExtensionServer-TLS-TLS11": "TODO: first pass, this should be fixed",
+ "DuplicateExtensionClient-TLS-TLS11": "TODO: first pass, this should be fixed",
+ "UnsolicitedServerNameAck-TLS-TLS11": "TODO: first pass, this should be fixed",
+ "TicketSessionIDLength-33-TLS-TLS11": "TODO: first pass, this should be fixed",
+ "DuplicateExtensionServer-TLS-TLS12": "TODO: first pass, this should be fixed",
+ "DuplicateExtensionClient-TLS-TLS12": "TODO: first pass, this should be fixed",
+ "UnsolicitedServerNameAck-TLS-TLS12": "TODO: first pass, this should be fixed",
+ "TicketSessionIDLength-33-TLS-TLS12": "TODO: first pass, this should be fixed",
+ "DuplicateExtensionClient-TLS-TLS13": "TODO: first pass, this should be fixed",
+ "DuplicateExtensionServer-TLS-TLS13": "TODO: first pass, this should be fixed",
+ "UnsolicitedServerNameAck-TLS-TLS13": "TODO: first pass, this should be fixed",
+ "RenegotiationInfo-Forbidden-TLS13": "TODO: first pass, this should be fixed",
+ "EMS-Forbidden-TLS13": "TODO: first pass, this should be fixed",
+ "SendUnsolicitedOCSPOnCertificate-TLS13": "TODO: first pass, this should be fixed",
+ "SendUnsolicitedSCTOnCertificate-TLS13": "TODO: first pass, this should be fixed",
+ "SendUnknownExtensionOnCertificate-TLS13": "TODO: first pass, this should be fixed",
+ "Resume-Server-NoTickets-TLS1-TLS1-TLS": "TODO: first pass, this should be fixed",
+ "Resume-Server-NoTickets-TLS11-TLS11-TLS": "TODO: first pass, this should be fixed",
+ "Resume-Server-NoTickets-TLS12-TLS12-TLS": "TODO: first pass, this should be fixed",
+ "Resume-Server-NoPSKBinder": "TODO: first pass, this should be fixed",
+ "Resume-Server-PSKBinderFirstExtension": "TODO: first pass, this should be fixed",
+ "Resume-Server-PSKBinderFirstExtension-SecondBinder": "TODO: first pass, this should be fixed",
+ "Resume-Server-NoPSKBinder-SecondBinder": "TODO: first pass, this should be fixed",
+ "Resume-Server-OmitPSKsOnSecondClientHello": "TODO: first pass, this should be fixed",
+ "Renegotiate-Server-Forbidden": "TODO: first pass, this should be fixed",
+ "Renegotiate-Client-Forbidden-1": "TODO: first pass, this should be fixed",
+ "Client-Sign-RSA_PKCS1_SHA1-TLS13": "TODO: first pass, this should be fixed",
+ "Client-Sign-RSA_PKCS1_SHA256-TLS13": "TODO: first pass, this should be fixed",
+ "Client-Sign-RSA_PKCS1_SHA384-TLS13": "TODO: first pass, this should be fixed",
+ "Client-Sign-RSA_PKCS1_SHA512-TLS13": "TODO: first pass, this should be fixed",
+ "Client-Sign-ECDSA_SHA1-TLS13": "TODO: first pass, this should be fixed",
+ "Client-Sign-ECDSA_P224_SHA256-TLS13": "TODO: first pass, this should be fixed",
+ "ClientAuth-NoFallback-TLS13": "TODO: first pass, this should be fixed",
+ "ClientAuth-NoFallback-ECDSA": "TODO: first pass, this should be fixed",
+ "ClientAuth-NoFallback-RSA": "TODO: first pass, this should be fixed",
+ "ECDSACurveMismatch-Verify-TLS13": "TODO: first pass, this should be fixed",
+ "Ed25519DefaultDisable-NoAdvertise": "TODO: first pass, this should be fixed",
+ "Ed25519DefaultDisable-NoAccept": "TODO: first pass, this should be fixed",
+ "NoCommonSignatureAlgorithms-TLS12-Fallback": "TODO: first pass, this should be fixed",
+ "UnknownExtension-Client": "TODO: first pass, this should be fixed",
+ "UnknownUnencryptedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
+ "UnofferedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
+ "UnknownExtension-Client-TLS13": "TODO: first pass, this should be fixed",
+ "SendClientVersion-RSA": "TODO: first pass, this should be fixed",
+ "NoCommonCurves": "TODO: first pass, this should be fixed",
+ "PointFormat-EncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
+ "PointFormat-Client-MissingUncompressed": "TODO: first pass, this should be fixed",
+ "TLS13-SendNoKEMModesWithPSK-Server": "TODO: first pass, this should be fixed",
+ "TLS13-DuplicateTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
+ "Basic-Client-NoTicket-TLS-Sync": "TODO: first pass, this should be fixed",
+ "Basic-Server-RSA-TLS-Sync": "TODO: first pass, this should be fixed",
+ "Basic-Client-NoTicket-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
+ "Basic-Server-RSA-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
+ "Basic-Client-NoTicket-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
+ "Basic-Server-RSA-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
+ "PartialSecondClientHelloAfterFirst": "TODO: first pass, this should be fixed",
+ "PartialServerHelloWithHelloRetryRequest": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Server-TLS1": "TODO: first pass, this should be fixed",
+ "PartialClientKeyExchangeWithClientHello": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Resume-Server-TLS1": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Resume-Client-TLS11": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Client-TLS1": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Client-TLS11": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Client-TLS12": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Client-TLS13": "TODO: first pass, this should be fixed",
+ "PartialNewSessionTicketWithServerHelloDone": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Server-TLS11": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Server-TLS12": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Resume-Server-TLS11": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Resume-Client-TLS12": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Resume-Server-TLS12": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Resume-Client-TLS13": "TODO: first pass, this should be fixed",
+ "TrailingDataWithFinished-Resume-Client-TLS1": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-ClientHello-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-ServerHello-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-ServerHelloDone-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-ServerKeyExchange-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-CertificateVerify-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-ServerFinished-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-ClientKeyExchange-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-TLS13-ClientHello-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-ClientFinished-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-NewSessionTicket-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-TLS13-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-TLS13-ServerCertificateVerify-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-TLS13-EncryptedExtensions-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-TLS13-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-TLS13-ClientCertificateVerify-TLS": "TODO: first pass, this should be fixed",
+ "TrailingMessageData-TLS13-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
+ "ResumeTLS12SessionID-TLS13": "TODO: first pass, this should be fixed",
+ "SkipEarlyData-TLS13": "TODO: first pass, this should be fixed",
+ "DuplicateKeyShares-TLS13": "TODO: first pass, this should be fixed",
+ "Server-TooLongSessionID-TLS13": "TODO: first pass, this should be fixed",
+ "Client-TooLongSessionID": "TODO: first pass, this should be fixed",
+ "Client-ShortSessionID": "TODO: first pass, this should be fixed",
+ "TLS12NoSessionID-TLS13": "TODO: first pass, this should be fixed",
+ "Server-TooLongSessionID-TLS12": "TODO: first pass, this should be fixed",
+ "EmptyEncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
+ "SkipEarlyData-SecondClientHelloEarlyData-TLS13": "TODO: first pass, this should be fixed",
+ "EncryptedExtensionsWithKeyShare-TLS13": "TODO: first pass, this should be fixed",
+ "HelloRetryRequest-DuplicateCurve-TLS13": "TODO: first pass, this should be fixed",
+ "HelloRetryRequest-DuplicateCookie-TLS13": "TODO: first pass, this should be fixed",
+ "HelloRetryRequest-Unknown-TLS13": "TODO: first pass, this should be fixed",
+ "SendPostHandshakeChangeCipherSpec-TLS13": "TODO: first pass, this should be fixed",
+ "ECDSAKeyUsage-Server-TLS12": "TODO: first pass, this should be fixed",
+ "ECDSAKeyUsage-Server-TLS13": "TODO: first pass, this should be fixed",
+ "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS1": "TODO: first pass, this should be fixed",
+ "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS1": "TODO: first pass, this should be fixed",
+ "RSAKeyUsage-Client-WantSignature-GotSignature-TLS1": "TODO: first pass, this should be fixed",
+ "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS11": "TODO: first pass, this should be fixed",
+ "RSAKeyUsage-Client-WantSignature-GotSignature-TLS11": "TODO: first pass, this should be fixed",
+ "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS12": "TODO: first pass, this should be fixed",
+ "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS12": "TODO: first pass, this should be fixed",
+ "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS11": "TODO: first pass, this should be fixed",
+ "RSAKeyUsage-Client-WantSignature-GotSignature-TLS12": "TODO: first pass, this should be fixed",
+ "RSAKeyUsage-Client-WantSignature-GotSignature-TLS13": "TODO: first pass, this should be fixed",
+ "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS13": "TODO: first pass, this should be fixed",
+ "EmptyExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
+ "OmitExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
+ "EmptyExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
+ "OmitExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
+ "EmptyExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
+ "OmitExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
+ "DuplicateCertCompressionExt-TLS12": "TODO: first pass, this should be fixed",
+ "DuplicateCertCompressionExt-TLS13": "TODO: first pass, this should be fixed",
+ "Client-RejectJDK11DowngradeRandom": "TODO: first pass, this should be fixed",
+ "CheckClientCertificateTypes": "TODO: first pass, this should be fixed",
+ "CheckECDSACurve-TLS12": "TODO: first pass, this should be fixed"
+ }
+}
\ No newline at end of file
--- /dev/null
+package tls
+
+import (
+ "crypto/x509"
+ "encoding/binary"
+ "encoding/json"
+ "encoding/pem"
+ "flag"
+ "fmt"
+ "internal/testenv"
+ "io"
+ "log"
+ "net"
+ "os"
+ "os/exec"
+ "path/filepath"
+ "testing"
+)
+
+var (
+ port = flag.String("port", "", "")
+ server = flag.Bool("server", false, "")
+
+ isHandshakerSupported = flag.Bool("is-handshaker-supported", false, "")
+
+ keyfile = flag.String("key-file", "", "")
+ certfile = flag.String("cert-file", "", "")
+
+ trustCert = flag.String("trust-cert", "", "")
+
+ minVersion = flag.Int("min-version", VersionSSL30, "")
+ maxVersion = flag.Int("max-version", VersionTLS13, "")
+
+ noTLS13 = flag.Bool("no-tls13", false, "")
+
+ requireAnyClientCertificate = flag.Bool("require-any-client-certificate", false, "")
+
+ shimWritesFirst = flag.Bool("shim-writes-first", false, "")
+
+ resumeCount = flag.Int("resume-count", 0, "")
+
+ shimID = flag.Uint64("shim-id", 0, "")
+ _ = flag.Bool("ipv6", false, "")
+
+ // Unimplemented flags
+ // -advertise-alpn
+ // -advertise-npn
+ // -allow-hint-mismatch
+ // -async
+ // -check-close-notify
+ // -cipher
+ // -curves
+ // -delegated-credential
+ // -dtls
+ // -ech-config-list
+ // -ech-server-config
+ // -enable-channel-id
+ // -enable-early-data
+ // -enable-ech-grease
+ // -enable-grease
+ // -enable-ocsp-stapling
+ // -enable-signed-cert-timestamps
+ // -expect-advertised-alpn
+ // -expect-certificate-types
+ // -expect-channel-id
+ // -expect-cipher-aes
+ // -expect-client-ca-list
+ // -expect-curve-id
+ // -expect-early-data-reason
+ // -expect-extended-master-secret
+ // -expect-hrr
+ // -expect-key-usage-invalid
+ // -expect-msg-callback
+ // -expect-no-session
+ // -expect-peer-cert-file
+ // -expect-peer-signature-algorithm
+ // -expect-peer-verify-pref
+ // -expect-secure-renegotiation
+ // -expect-server-name
+ // -expect-ticket-supports-early-data
+ // -export-keying-material
+ // -export-traffic-secrets
+ // -fail-cert-callback
+ // -fail-early-callback
+ // -fallback-scsv
+ // -false-start
+ // -forbid-renegotiation-after-handshake
+ // -handshake-twice
+ // -host-name
+ // -ignore-rsa-key-usage
+ // -implicit-handshake
+ // -install-cert-compression-algs
+ // -install-ddos-callback
+ // -install-one-cert-compression-alg
+ // -jdk11-workaround
+ // -key-update
+ // -max-cert-list
+ // -max-send-fragment
+ // -no-ticket
+ // -no-tls1
+ // -no-tls11
+ // -no-tls12
+ // -ocsp-response
+ // -on-resume-expect-accept-early-data
+ // -on-resume-expect-reject-early-data
+ // -on-shim-cipher
+ // -on-shim-curves
+ // -peek-then-read
+ // -psk
+ // -read-with-unfinished-write
+ // -reject-alpn
+ // -renegotiate-explicit
+ // -renegotiate-freely
+ // -renegotiate-ignore
+ // -renegotiate-once
+ // -select-alpn
+ // -select-next-proto
+ // -send-alert
+ // -send-channel-id
+ // -server-preference
+ // -shim-shuts-down
+ // -signed-cert-timestamps
+ // -signing-prefs
+ // -srtp-profiles
+ // -tls-unique
+ // -use-client-ca-list
+ // -use-ocsp-callback
+ // -use-old-client-cert-callback
+ // -verify-fail
+ // -verify-peer
+ // -verify-prefs
+)
+
+func bogoShim() {
+ if *isHandshakerSupported {
+ fmt.Println("No")
+ return
+ }
+
+ cfg := &Config{
+ ServerName: "test",
+
+ MinVersion: uint16(*minVersion),
+ MaxVersion: uint16(*maxVersion),
+
+ ClientSessionCache: NewLRUClientSessionCache(0),
+ }
+
+ if *noTLS13 && cfg.MaxVersion == VersionTLS13 {
+ cfg.MaxVersion = VersionTLS12
+ }
+
+ if *keyfile != "" || *certfile != "" {
+ pair, err := LoadX509KeyPair(*certfile, *keyfile)
+ if err != nil {
+ log.Fatalf("load key-file err: %s", err)
+ }
+ cfg.Certificates = []Certificate{pair}
+ }
+ if *trustCert != "" {
+ pool := x509.NewCertPool()
+ certFile, err := os.ReadFile(*trustCert)
+ if err != nil {
+ log.Fatalf("load trust-cert err: %s", err)
+ }
+ block, _ := pem.Decode(certFile)
+ cert, err := x509.ParseCertificate(block.Bytes)
+ if err != nil {
+ log.Fatalf("parse trust-cert err: %s", err)
+ }
+ pool.AddCert(cert)
+ cfg.RootCAs = pool
+ }
+
+ if *requireAnyClientCertificate {
+ cfg.ClientAuth = RequireAnyClientCert
+ }
+
+ for i := 0; i < *resumeCount+1; i++ {
+ conn, err := net.Dial("tcp", net.JoinHostPort("localhost", *port))
+ if err != nil {
+ log.Fatalf("dial err: %s", err)
+ }
+ defer conn.Close()
+
+ // Write the shim ID we were passed as a little endian uint64
+ shimIDBytes := make([]byte, 8)
+ binary.LittleEndian.PutUint64(shimIDBytes, *shimID)
+ if _, err := conn.Write(shimIDBytes); err != nil {
+ log.Fatalf("failed to write shim id: %s", err)
+ }
+
+ var tlsConn *Conn
+ if *server {
+ tlsConn = Server(conn, cfg)
+ } else {
+ tlsConn = Client(conn, cfg)
+ }
+
+ if *shimWritesFirst {
+ if _, err := tlsConn.Write([]byte("hello")); err != nil {
+ log.Fatalf("write err: %s", err)
+ }
+ }
+
+ for {
+ buf := make([]byte, 500)
+ n, err := tlsConn.Read(buf)
+ if err == io.EOF {
+ break
+ }
+ if err != nil {
+ log.Fatalf("read err: %s", err)
+ }
+ buf = buf[:n]
+ for i := range buf {
+ buf[i] ^= 0xff
+ }
+ if _, err := tlsConn.Write(buf); err != nil {
+ log.Fatalf("write err: %s", err)
+ }
+ }
+ }
+}
+
+func TestBogoSuite(t *testing.T) {
+ testenv.SkipIfShortAndSlow(t)
+ testenv.MustHaveExternalNetwork(t)
+ testenv.MustHaveGoRun(t)
+ testenv.MustHaveExec(t)
+
+ if testing.Short() {
+ t.Skip("skipping in short mode")
+ }
+
+ const boringsslModVer = "v0.0.0-20240412155355-1c6e10495e4f"
+ output, err := exec.Command("go", "mod", "download", "-json", "github.com/google/boringssl@"+boringsslModVer).CombinedOutput()
+ if err != nil {
+ t.Fatalf("failed to download boringssl: %s", err)
+ }
+ var j struct {
+ Dir string
+ }
+ if err := json.Unmarshal(output, &j); err != nil {
+ t.Fatalf("failed to parse 'go mod download' output: %s", err)
+ }
+
+ cwd, err := os.Getwd()
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ args := []string{
+ "test",
+ ".",
+ fmt.Sprintf("-shim-config=%s", filepath.Join(cwd, "bogo_config.json")),
+ fmt.Sprintf("-shim-path=%s", os.Args[0]),
+ "-shim-extra-flags=-bogo-mode",
+ "-allow-unimplemented",
+ "-loose-errors", // TODO(roland): this should be removed eventually
+ }
+ if *bogoFilter != "" {
+ args = append(args, fmt.Sprintf("-test=%s", *bogoFilter))
+ }
+
+ goCmd, err := testenv.GoTool()
+ if err != nil {
+ t.Fatal(err)
+ }
+ cmd := exec.Command(goCmd, args...)
+ cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
+ cmd.Dir = filepath.Join(j.Dir, "ssl/test/runner")
+ err = cmd.Run()
+ if err != nil {
+ t.Fatalf("bogo failed: %s", err)
+ }
+}