Add regression test for recently added OpenSSL 1.1 support #66
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Requires `openssl` and `sed` binaries to be on the path, which should be fine considering an SSL library is needed for the test and sed is already used in the makefile. The openssl binary should support the same protocol versions as the SSL library used to build Csocket and this test, otherwise the protocol version checks will fail.
|
I've only had the chance to run it on 1.1.0c, but so far it looks good. Will try with more version and configuration when I have some time. As for OpenSSL 0.9.8, I'm not quite sure if support is desire, but I'll see if I can find out. |
|
Thats a great question. I would say we only need to support openssl >= 1.0.2, but I still see plenty of shell servers using 0.9.8. So I guess we better continue to support 0.9.8 for now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This took a bit longer than I would've liked but as requested in #64 here is a regression test for all the methods I touched while adding OpenSSL 1.1 support.
Requires
opensslandsedbinaries to be on the path, which should be fine considering an SSL library is needed for the test and sed is already used in the makefile.The openssl binary should support the same protocol versions as the SSL library used to build Csocket and this test, otherwise the protocol version checks will fail.
The bulk of the makefile changes were so that libraries are only linked when needed. This would've taken longer if I had to worry about compiling curl against every OpenSSL when this test doesn't use curl, or if I had to find out how to get cares on the ancient system I'm using.
SSLv2 is omitted from the test - it was consistently failing to connect whenever OpenSSL was compiled with it enabled, and since it's cryptographically broken anyway I didn't think it was worth spending the time trying to make it work. It's easily added back to the test if wanted, making it pass is another matter.
I've run this test on Debian against 6b28102 (just before the OpenSSL 1.1 support merged in) and 94e21a8 (current master). OpenSSL 1.0.0t, 1.0.1u, 1.0.2j and 1.1.0c were freshly compiled for each of the following configure options:
shared enable-ssl3 enable-ssl3-method,shared no-ssl3, andshared no-ssl2 no-ssl3 no-md4 no-comp. All these combinations pass this regression test (1.1 obviously only with the latter commit).OpenSSL 0.9.8 fails most of this test but I haven't spent much time trying to fix it. In any case, 1 minor build error in Csocket itself was introduced after my code was refactored. Is support for this ancient version still desired?