Refactor golang tests using openssl #49
Comments
cc./ @chris-wood |
I also added some of my findings to the wiki: https://github.com/cloudflare/go/wiki/Starting-out#how-to-regenerate-the-tls-testdata |
One way to enforce that OpenSSL runs from the build directory is by specifying the full path in the openssl command.
$ ./Configure --prefix=/tmp/installOSSL
$ make
$ make install
so you can verify that the openssl binary actually uses the recently-compiled libraries (and not the ones from the file system) by specifying the
$ LD_LIBRARY_PATH=/tmp/installOSSL/lib ldd /tmp/installOSSL/bin/openssl
linux-vdso.so.1 (0x00007ffed1faf000)
libssl.so.3 => ./lib/libssl.so.3 (0x00007fab45329000)
libcrypto.so.3 => ./lib/libcrypto.so.3 (0x00007fab44ce4000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fab44ac5000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fab446d4000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fab444d0000)
/lib64/ld-linux-x86-64.so.2 (0x00007fab458b7000) |
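A scripted form of the ldd check from the comment above, as an added example that is not part of the thread or the project: it reads ldd output on stdin and succeeds only when libssl and libcrypto both resolve under the install prefix. The helper name check_openssl_libs and the sample ldd lines are constructed for illustration; /tmp/installOSSL is the prefix used in the comment.

```sh
#!/bin/sh
# Added example (not from the thread): check_openssl_libs is a hypothetical helper.
# Usage: ldd /tmp/installOSSL/bin/openssl | check_openssl_libs /tmp/installOSSL
# Succeeds only if libssl and libcrypto both appear in the ldd output and both
# resolve to absolute paths under PREFIX. Prints one status line per library.
check_openssl_libs() (
    prefix="${1%/}"; seen_ssl=0; seen_crypto=0; bad=0
    while read -r name arrow path rest; do
        case "$name" in
            libssl.so*)    seen_ssl=1 ;;
            libcrypto.so*) seen_crypto=1 ;;
            *) continue ;;                      # unrelated library
        esac
        if [ "$arrow" != "=>" ] || [ "$path" = "not" ]; then
            echo "UNRESOLVED $name"; bad=1; continue
        fi
        case "$path" in
            "$prefix"/*) echo "OK $name -> $path" ;;
            /*)          echo "OUTSIDE $name -> $path"; bad=1 ;;
            *)           echo "RELATIVE $name -> $path"; bad=1 ;;  # depends on cwd
        esac
    done
    [ "$seen_ssl" -eq 1 ] && [ "$seen_crypto" -eq 1 ] && [ "$bad" -eq 0 ]
)

# Constructed sample: binary linked against the private build.
PRIVATE_LDD='libssl.so.1.1 => /tmp/installOSSL/lib/libssl.so.1.1 (0x00007f0000000000)
libcrypto.so.1.1 => /tmp/installOSSL/lib/libcrypto.so.1.1 (0x00007f0000400000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000800000)'

# Constructed sample: libssl silently picked up from the OS copy.
MIXED_LDD='libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f0000000000)
libcrypto.so.1.1 => /tmp/installOSSL/lib/libcrypto.so.1.1 (0x00007f0000400000)'

printf '%s\n' "$PRIVATE_LDD" | check_openssl_libs /tmp/installOSSL && echo "private build: pass"
printf '%s\n' "$MIXED_LDD"   | check_openssl_libs /tmp/installOSSL || echo "mixed libraries: fail"
```

A binary built with no-shared lists neither library in ldd output, so this check reports failure for it and only applies to shared builds.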
I'll be checking this here: https://github.com/claucece/go-exp |
The TLS reference tests run a connection against a reference implementation of TLS, OpenSSL, and record the bytes of the resulting connection. The command is basically:
bin/go test -v ./src/crypto/tls/... -update
It needs openssl version 1.1, which is sometimes checked by using the checkOpenSSLVersion func.
As that function explains, in order to run the tests, it is necessary to install openssl from source and configure it with the enable-weak-ssl-ciphers option. It is also necessary to install it somewhere that does not replace the OpenSSL that comes with the OS, as this can create problems for other applications using openssl: openssl/openssl#9268, so you will want to change the prefix and --openssldir flags accordingly.
On some architectures, it seems that it is also necessary to configure it with the no-shared option, as seen here: https://github.com/thomwiggers/go-1/commit/7c8eefb03cda32c7987b31357d22a8d5d39b5d71 .
Running the -update on the tests sometimes makes them hang, or sometimes the code is unable to find the openssl command.
After some examination, it seems that the test that specifically needs all of this is: 5781fef for the deprecated RSA-RC4.
Perhaps we can do better than this by having a formula or a place to get openssl1.1 correctly configured to run the command. Perhaps we only need that for the RSA-RC4 case.