wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/test/ssl_test_ctx_test.c

249 lines
8.2 KiB
C
Raw Normal View History

New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
/*
Remove uses of the TEST_check macro. This macro aborts the test which prevents later tests from executing. It also bypasses the test framework output functionality. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3750)
2017-06-22 04:00:55 +00:00
* Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
*
Copyright consolidation 02/10 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 18:20:24 +00:00
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
* https://www.openssl.org/source/license.html
*/
/*
* Ideally, CONF should offer standard parsing methods and cover them
* in tests. But since we have no CONF tests, we use a custom test for now.
*/
#include <stdio.h>
SSL test framework: port NPN and ALPN tests Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-04 18:16:14 +00:00
#include <string.h>
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
Use "" not <> for internal/ includes Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4217)
2017-08-22 12:35:43 +00:00
#include "internal/nelem.h"
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
#include "ssl_test_ctx.h"
#include "testutil.h"
#include <openssl/e_os2.h>
#include <openssl/err.h>
#include <openssl/conf.h>
#include <openssl/ssl.h>
static CONF *conf = NULL;
typedef struct ssl_test_ctx_test_fixture {
const char *test_case_name;
const char *test_section;
/* Expected parsed configuration. */
SSL_TEST_CTX *expected_ctx;
} SSL_TEST_CTX_TEST_FIXTURE;
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
static int clientconf_eq(SSL_TEST_CLIENT_CONF *conf1,
SSL_TEST_CLIENT_CONF *conf2)
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
{
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
if (!TEST_int_eq(conf1->verify_callback, conf2->verify_callback)
|| !TEST_int_eq(conf1->servername, conf2->servername)
|| !TEST_str_eq(conf1->npn_protocols, conf2->npn_protocols)
|| !TEST_str_eq(conf1->alpn_protocols, conf2->alpn_protocols)
|| !TEST_int_eq(conf1->ct_validation, conf2->ct_validation))
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
return 0;
return 1;
}
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
static int serverconf_eq(SSL_TEST_SERVER_CONF *serv,
SSL_TEST_SERVER_CONF *serv2)
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
{
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
if (!TEST_int_eq(serv->servername_callback, serv2->servername_callback)
|| !TEST_str_eq(serv->npn_protocols, serv2->npn_protocols)
|| !TEST_str_eq(serv->alpn_protocols, serv2->alpn_protocols)
|| !TEST_int_eq(serv->broken_session_ticket,
serv2->broken_session_ticket)
|| !TEST_int_eq(serv->cert_status, serv2->cert_status))
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
return 0;
return 1;
}
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
static int extraconf_eq(SSL_TEST_EXTRA_CONF *extra,
SSL_TEST_EXTRA_CONF *extra2)
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
{
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
if (!TEST_true(clientconf_eq(&extra->client, &extra2->client))
|| !TEST_true(serverconf_eq(&extra->server, &extra2->server))
|| !TEST_true(serverconf_eq(&extra->server2, &extra2->server2)))
return 0;
return 1;
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
}
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
static int testctx_eq(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
{
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
if (!TEST_int_eq(ctx->method, ctx2->method)
|| !TEST_int_eq(ctx->handshake_mode, ctx2->handshake_mode)
|| !TEST_int_eq(ctx->app_data_size, ctx2->app_data_size)
|| !TEST_int_eq(ctx->max_fragment_size, ctx2->max_fragment_size)
|| !extraconf_eq(&ctx->extra, &ctx2->extra)
|| !extraconf_eq(&ctx->resume_extra, &ctx2->resume_extra)
|| !TEST_int_eq(ctx->expected_result, ctx2->expected_result)
|| !TEST_int_eq(ctx->expected_client_alert,
ctx2->expected_client_alert)
|| !TEST_int_eq(ctx->expected_server_alert,
ctx2->expected_server_alert)
|| !TEST_int_eq(ctx->expected_protocol, ctx2->expected_protocol)
|| !TEST_int_eq(ctx->expected_servername, ctx2->expected_servername)
|| !TEST_int_eq(ctx->session_ticket_expected,
ctx2->session_ticket_expected)
|| !TEST_int_eq(ctx->compression_expected,
ctx2->compression_expected)
|| !TEST_str_eq(ctx->expected_npn_protocol,
ctx2->expected_npn_protocol)
|| !TEST_str_eq(ctx->expected_alpn_protocol,
ctx2->expected_alpn_protocol)
|| !TEST_int_eq(ctx->resumption_expected,
ctx2->resumption_expected))
SSL test framework: port resumption tests Systematically test every server-side version downgrade or upgrade. Client version upgrade or downgrade could be tested analogously but will be done in a later change. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-05 17:06:23 +00:00
return 0;
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
return 1;
}
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
static SSL_TEST_CTX_TEST_FIXTURE *set_up(const char *const test_case_name)
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
{
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
SSL_TEST_CTX_TEST_FIXTURE *fixture;
if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
return NULL;
fixture->test_case_name = test_case_name;
if (!TEST_ptr(fixture->expected_ctx = SSL_TEST_CTX_new())) {
OPENSSL_free(fixture);
return NULL;
}
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
return fixture;
}
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
static int execute_test(SSL_TEST_CTX_TEST_FIXTURE *fixture)
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
{
testutil: return 1 on success Require that test methods return 1 on success (not 0). This is more customary for OpenSSL. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-05 12:29:06 +00:00
int success = 0;
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
SSL_TEST_CTX *ctx;
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
if (!TEST_ptr(ctx = SSL_TEST_CTX_create(conf, fixture->test_section))
|| !testctx_eq(ctx, fixture->expected_ctx))
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
goto err;
testutil: return 1 on success Require that test methods return 1 on success (not 0). This is more customary for OpenSSL. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-05 12:29:06 +00:00
success = 1;
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
err:
SSL_TEST_CTX_free(ctx);
testutil: return 1 on success Require that test methods return 1 on success (not 0). This is more customary for OpenSSL. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-05 12:29:06 +00:00
return success;
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
}
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
static void tear_down(SSL_TEST_CTX_TEST_FIXTURE *fixture)
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
{
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
SSL_TEST_CTX_free(fixture->expected_ctx);
OPENSSL_free(fixture);
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
}
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
#define SETUP_SSL_TEST_CTX_TEST_FIXTURE() \
Change SETUP_TEST_FIXTURE so that the fixture structure is passed by reference not by value. This allows an error return from the setup function. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4083)
2017-08-04 00:49:38 +00:00
SETUP_TEST_FIXTURE(SSL_TEST_CTX_TEST_FIXTURE, set_up);
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
#define EXECUTE_SSL_TEST_CTX_TEST() \
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
EXECUTE_TEST(execute_test, tear_down)
[Win] Fix some test method signatures ... to halves MSVC warnings. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4172)
2017-08-15 21:39:03 +00:00
static int test_empty_configuration(void)
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
{
SETUP_SSL_TEST_CTX_TEST_FIXTURE();
Change SETUP_TEST_FIXTURE so that the fixture structure is passed by reference not by value. This allows an error return from the setup function. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4083)
2017-08-04 00:49:38 +00:00
if (fixture == NULL)
return 0;
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
fixture->test_section = "ssltest_default";
fixture->expected_ctx->expected_result = SSL_TEST_SUCCESS;
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
EXECUTE_SSL_TEST_CTX_TEST();
Change SETUP_TEST_FIXTURE so that the fixture structure is passed by reference not by value. This allows an error return from the setup function. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4083)
2017-08-04 00:49:38 +00:00
return result;
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
}
[Win] Fix some test method signatures ... to halves MSVC warnings. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4172)
2017-08-15 21:39:03 +00:00
static int test_good_configuration(void)
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
{
SETUP_SSL_TEST_CTX_TEST_FIXTURE();
Change SETUP_TEST_FIXTURE so that the fixture structure is passed by reference not by value. This allows an error return from the setup function. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4083)
2017-08-04 00:49:38 +00:00
if (fixture == NULL)
return 0;
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
fixture->test_section = "ssltest_good";
fixture->expected_ctx->method = SSL_TEST_METHOD_DTLS;
fixture->expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
fixture->expected_ctx->app_data_size = 1024;
fixture->expected_ctx->max_fragment_size = 2048;
fixture->expected_ctx->expected_result = SSL_TEST_SERVER_FAIL;
fixture->expected_ctx->expected_client_alert = SSL_AD_UNKNOWN_CA;
fixture->expected_ctx->expected_server_alert = 0; /* No alert. */
fixture->expected_ctx->expected_protocol = TLS1_1_VERSION;
fixture->expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2;
fixture->expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
fixture->expected_ctx->compression_expected = SSL_TEST_COMPRESSION_NO;
fixture->expected_ctx->resumption_expected = 1;
fixture->expected_ctx->extra.client.verify_callback =
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
SSL_TEST_VERIFY_REJECT_ALL;
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
fixture->expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2;
fixture->expected_ctx->extra.client.npn_protocols =
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
OPENSSL_strdup("foo,bar");
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
if (!TEST_ptr(fixture->expected_ctx->extra.client.npn_protocols))
Remove uses of the TEST_check macro. This macro aborts the test which prevents later tests from executing. It also bypasses the test framework output functionality. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3750)
2017-06-22 04:00:55 +00:00
goto err;
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
fixture->expected_ctx->extra.server.servername_callback =
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
fixture->expected_ctx->extra.server.broken_session_ticket = 1;
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
fixture->expected_ctx->resume_extra.server2.alpn_protocols =
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
OPENSSL_strdup("baz");
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
if (!TEST_ptr(fixture->expected_ctx->resume_extra.server2.alpn_protocols))
Remove uses of the TEST_check macro. This macro aborts the test which prevents later tests from executing. It also bypasses the test framework output functionality. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3750)
2017-06-22 04:00:55 +00:00
goto err;
Reorganize SSL test structures Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-21 14:29:48 +00:00
Test fixtures changed to pointers. Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE. This will permit error returns from the setup function and allow for future running tests in parallel. Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-02 03:48:29 +00:00
fixture->expected_ctx->resume_extra.client.ct_validation =
SSL tests: port CT tests, add a few more This commit only ports existing tests, and adds some coverage for resumption. We don't appear to have any handshake tests that cover SCT validation success, and this commit doesn't change that. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-09 14:47:26 +00:00
SSL_TEST_CT_VALIDATION_STRICT;
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
EXECUTE_SSL_TEST_CTX_TEST();
Change SETUP_TEST_FIXTURE so that the fixture structure is passed by reference not by value. This allows an error return from the setup function. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4083)
2017-08-04 00:49:38 +00:00
return result;
Remove uses of the TEST_check macro. This macro aborts the test which prevents later tests from executing. It also bypasses the test framework output functionality. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3750)
2017-06-22 04:00:55 +00:00
err:
tear_down(fixture);
return 0;
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
}
static const char *bad_configurations[] = {
"ssltest_unknown_option",
SSL test ctx: fix tests Some failure tests were failing for the wrong reason after the CTX refactoring. Update those tests. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-09 12:55:33 +00:00
"ssltest_wrong_section",
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
"ssltest_unknown_expected_result",
"ssltest_unknown_alert",
"ssltest_unknown_protocol",
Remove proxy tests. Add verify callback tests. The old proxy tests test the implementation of an application proxy policy callback defined in the test itself, which is not particularly useful. It is, however, useful to test cert verify overrides in general. Therefore, replace these tests with tests for cert verify callback behaviour. Also glob the ssl test inputs on the .in files to catch missing generated files. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-07 17:07:50 +00:00
"ssltest_unknown_verify_callback",
Fix session ticket and SNI When session tickets are used, it's possible that SNI might swtich the SSL_CTX on an SSL. Normally, this is not a problem, because the initial_ctx/session_ctx are used for all session ticket/id processes. However, when the SNI callback occurs, it's possible that the callback may update the options in the SSL from the SSL_CTX, and this could cause SSL_OP_NO_TICKET to be set. If this occurs, then two bad things can happen: 1. The session ticket TLSEXT may not be written when the ticket expected flag is set. The state machine transistions to writing the ticket, and the client responds with an error as its not expecting a ticket. 2. When creating the session ticket, if the ticket key cb returns 0 the crypto/hmac contexts are not initialized, and the code crashes when trying to encrypt the session ticket. To fix 1, if the ticket TLSEXT is not written out, clear the expected ticket flag. To fix 2, consider a return of 0 from the ticket key cb a recoverable error, and write a 0 length ticket and continue. The client-side code can explicitly handle this case. Fix these two cases, and add unit test code to validate ticket behavior. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1098)
2016-05-12 22:16:52 +00:00
"ssltest_unknown_servername",
SSL test framework: port SNI tests Observe that the old tests were partly ill-defined: setting sn_server1 but not sn_server2 in ssltest_old.c does not enable the SNI callback. Fix this, and also explicitly test both flavours of SNI mismatch (ignore / fatal alert). Tests still pass. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 15:20:25 +00:00
"ssltest_unknown_servername_callback",
Fix session ticket and SNI When session tickets are used, it's possible that SNI might swtich the SSL_CTX on an SSL. Normally, this is not a problem, because the initial_ctx/session_ctx are used for all session ticket/id processes. However, when the SNI callback occurs, it's possible that the callback may update the options in the SSL from the SSL_CTX, and this could cause SSL_OP_NO_TICKET to be set. If this occurs, then two bad things can happen: 1. The session ticket TLSEXT may not be written when the ticket expected flag is set. The state machine transistions to writing the ticket, and the client responds with an error as its not expecting a ticket. 2. When creating the session ticket, if the ticket key cb returns 0 the crypto/hmac contexts are not initialized, and the code crashes when trying to encrypt the session ticket. To fix 1, if the ticket TLSEXT is not written out, clear the expected ticket flag. To fix 2, consider a return of 0 from the ticket key cb a recoverable error, and write a 0 length ticket and continue. The client-side code can explicitly handle this case. Fix these two cases, and add unit test code to validate ticket behavior. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1098)
2016-05-12 22:16:52 +00:00
"ssltest_unknown_session_ticket_expected",
Add compression tests Check whether we negotiate compression in various scenarios. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2814)
2017-03-01 12:11:51 +00:00
"ssltest_unknown_compression_expected",
Port DTLS version negotiation tests Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 15:49:04 +00:00
"ssltest_unknown_method",
SSL test framework: port resumption tests Systematically test every server-side version downgrade or upgrade. Client version upgrade or downgrade could be tested analogously but will be done in a later change. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-05 17:06:23 +00:00
"ssltest_unknown_handshake_mode",
"ssltest_unknown_resumption_expected",
SSL tests: port CT tests, add a few more This commit only ports existing tests, and adds some coverage for resumption. We don't appear to have any handshake tests that cover SCT validation success, and this commit doesn't change that. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-09 14:47:26 +00:00
"ssltest_unknown_ct_validation",
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
};
static int test_bad_configuration(int idx)
{
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
SSL_TEST_CTX *ctx;
Fix a bundle of trailing spaces in several files Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3622)
2017-06-06 15:35:43 +00:00
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
if (!TEST_ptr_null(ctx = SSL_TEST_CTX_create(conf,
bad_configurations[idx]))) {
Simplify tests part 2 1) Remove some unnecessary fixtures 2) Add EXECUTE_TEST_NO_TEARDOWN shorthand when a fixture exists but has no teardown. 3) Fix return values in ct_test.c (introduced by an earlier refactoring, oops) Note that for parameterized tests, the index (test vector) usually holds all the customization, and there should be no need for a separate test fixture. The CTS test is an exception: it demonstrates how to combine customization with parameterization. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 15:06:12 +00:00
SSL_TEST_CTX_free(ctx);
return 0;
}
return 1;
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
}
Update the test framework so that the need for test_main is removed. Everything that needed test_main now works using the same infrastructure as tests that used register_tests. This meant: * renaming register_tests to setup_tests and giving it a success/failure return. * renaming the init_test function to setup_test_framework. * renaming the finish_test function to pulldown_test_framework. * adding a user provided global_init function that runs before the test frame work is initialised. It returns a failure indication that stops the stest. * adding helper functions that permit tests to access their command line args. * spliting the BIO initialisation and finalisation out from the test setup and teardown. * hiding some of the now test internal functions. * fix the comments in testutil.h Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3953)
2017-07-18 01:48:27 +00:00
int setup_tests(void)
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
{
Update the test framework so that the need for test_main is removed. Everything that needed test_main now works using the same infrastructure as tests that used register_tests. This meant: * renaming register_tests to setup_tests and giving it a success/failure return. * renaming the init_test function to setup_test_framework. * renaming the finish_test function to pulldown_test_framework. * adding a user provided global_init function that runs before the test frame work is initialised. It returns a failure indication that stops the stest. * adding helper functions that permit tests to access their command line args. * spliting the BIO initialisation and finalisation out from the test setup and teardown. * hiding some of the now test internal functions. * fix the comments in testutil.h Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3953)
2017-07-18 01:48:27 +00:00
if (!TEST_ptr(conf = NCONF_new(NULL)))
return 0;
/* argument should point to test/ssl_test_ctx_test.conf */
if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)) {
TEST_note("Missing file argument");
return 0;
Convert danetest, ssl_test_ctx_test Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
2017-05-02 12:32:26 +00:00
}
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
ADD_TEST(test_empty_configuration);
ADD_TEST(test_good_configuration);
ADD_ALL_TESTS(test_bad_configuration, OSSL_NELEM(bad_configurations));
Update the test framework so that the need for test_main is removed. Everything that needed test_main now works using the same infrastructure as tests that used register_tests. This meant: * renaming register_tests to setup_tests and giving it a success/failure return. * renaming the init_test function to setup_test_framework. * renaming the finish_test function to pulldown_test_framework. * adding a user provided global_init function that runs before the test frame work is initialised. It returns a failure indication that stops the stest. * adding helper functions that permit tests to access their command line args. * spliting the BIO initialisation and finalisation out from the test setup and teardown. * hiding some of the now test internal functions. * fix the comments in testutil.h Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3953)
2017-07-18 01:48:27 +00:00
return 1;
}
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
Update the test framework so that the need for test_main is removed. Everything that needed test_main now works using the same infrastructure as tests that used register_tests. This meant: * renaming register_tests to setup_tests and giving it a success/failure return. * renaming the init_test function to setup_test_framework. * renaming the finish_test function to pulldown_test_framework. * adding a user provided global_init function that runs before the test frame work is initialised. It returns a failure indication that stops the stest. * adding helper functions that permit tests to access their command line args. * spliting the BIO initialisation and finalisation out from the test setup and teardown. * hiding some of the now test internal functions. * fix the comments in testutil.h Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3953)
2017-07-18 01:48:27 +00:00
void cleanup_tests(void)
{
New SSL test framework Currently, SSL tests are configured via command-line switches to ssltest.c. This results in a lot of duplication between ssltest.c and apps, and a complex setup. ssltest.c is also simply old and needs maintenance. Instead, we already have a way to configure SSL servers and clients, so we leverage that. SSL tests can now be configured from a configuration file. Test servers and clients are configured using the standard ssl_conf module. Additional test settings are configured via a test configuration. Moreover, since the CONF language involves unnecessary boilerplate, the test conf itself is generated from a shorter Perl syntax. The generated testcase files are checked in to the repo to make it easier to verify that the intended test cases are in fact run; and to simplify debugging failures. To demonstrate the approach, min/max protocol tests are converted to the new format. This change also fixes MinProtocol and MaxProtocol handling. It was previously requested that an SSL_CTX have both the server and client flags set for these commands; this clearly can never work. Guide to this PR: - test/ssl_test.c - test framework - test/ssl_test_ctx.* - test configuration structure - test/handshake_helper.* - new SSL test handshaking code - test/ssl-tests/ - test configurations - test/generate_ssl_tests.pl - script for generating CONF-style test configurations from perl inputs Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 14:14:30 +00:00
NCONF_free(conf);
}
Reference in a new issue Copy permalink