Refactor golang tests using openssl #49

Closed
claucece opened this issue Dec 21, 2020 · 4 comments

Comments

@claucece
Contributor

claucece commented Dec 21, 2020

The TLS reference tests run a connection against a reference implementation of TLS (OpenSSL) and record the bytes of the resulting connection. The command is basically:

bin/go test -v ./src/crypto/tls/... -update

It needs openssl version 1.1, which is sometimes checked by using the checkOpenSSLVersion func.
As that function explains, in order to run the tests, you need to install OpenSSL from source and configure it with the enable-weak-ssl-ciphers option. You also need to install it somewhere that does not replace the OpenSSL that comes with the OS, as this can create problems for other applications using OpenSSL: openssl/openssl#9268, so you will want to change the prefix and --openssldir flags accordingly.

On some architectures, it seems that it is also necessary to configure it with the no-shared option, as seen here: https://github.com/thomwiggers/go-1/commit/7c8eefb03cda32c7987b31357d22a8d5d39b5d71 .

Running the -update on the tests sometimes makes them hang or sometimes the code is unable to find the openssl command.

After some examination, it seems that the test that specifically needs all of this is: 5781fef for the deprecated RSA-RC4.

Perhaps, we can do better than this by having a formula or a place to get openssl1.1 correctly configured to run the command. Perhaps, we only need that for the RSA-RC4 case.

@claucece
Contributor Author

cc./ @chris-wood

@claucece
Contributor Author

I also added some of my findings to the wiki: https://github.com/cloudflare/go/wiki/Starting-out#how-to-regenerate-the-tls-testdata

@claucece claucece changed the title Refactor golang using openssl tests Refactor golang tests using openssl Dec 21, 2020
@armfazh
Contributor

armfazh commented Dec 22, 2020

One way to enforce that OpenSSL runs from the build directory is by specifying the full path in the openssl command.

$ ./Configure --prefix=/tmp/installOSSL
$ make 
$ make install

So you can verify that the openssl binary actually uses the recently compiled libraries (and not the ones from the file system) by specifying the LD_LIBRARY_PATH environment variable.

$ LD_LIBRARY_PATH=/tmp/installOSSL/lib  ldd /tmp/installOSSL/bin/openssl
	linux-vdso.so.1 (0x00007ffed1faf000)
	libssl.so.3 => ./lib/libssl.so.3 (0x00007fab45329000)
	libcrypto.so.3 => ./lib/libcrypto.so.3 (0x00007fab44ce4000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fab44ac5000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fab446d4000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fab444d0000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fab458b7000)
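
The ldd check described in the comment above, turned into a scriptable test; this is an added example and not part of the original thread or of the Go test suite. The function name `check_ossl_libs` and the three sample `ldd` outputs are constructed for illustration; the prefix `/tmp/installOSSL` is the one used in the comment.

```shell
# check_ossl_libs PREFIX   (reads `ldd` output on stdin)
# Returns 0 if libssl and libcrypto both resolve under PREFIX/,
#         1 if either resolves elsewhere (or is "not found"),
#         2 if neither is listed (for example a static no-shared build).
check_ossl_libs() {
    prefix=${1%/}
    seen=0
    bad=0
    while read -r name arrow path rest || [ -n "$name" ]; do
        case $name in
            libssl.so*|libcrypto.so*) seen=$((seen + 1)) ;;
            *) continue ;;
        esac
        case "$arrow $path" in
            "=> $prefix"/*) ;;   # absolute path inside the private prefix
            *) echo "not from $prefix: $name $arrow $path" >&2; bad=1 ;;
        esac
    done
    [ "$seen" -gt 0 ] || return 2
    return "$bad"
}

# Constructed sample: both libraries come from the private build.
sample_private() {
    cat <<'EOF'
    linux-vdso.so.1 (0x00007ffc00000000)
    libssl.so.1.1 => /tmp/installOSSL/lib/libssl.so.1.1 (0x00007f0000200000)
    libcrypto.so.1.1 => /tmp/installOSSL/lib/libcrypto.so.1.1 (0x00007f0000000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000400000)
EOF
}

# Constructed sample: libssl silently falls back to the OS copy.
sample_system() {
    cat <<'EOF'
    libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f0000200000)
    libcrypto.so.1.1 => /tmp/installOSSL/lib/libcrypto.so.1.1 (0x00007f0000000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000400000)
EOF
}

# Constructed sample: statically linked binary, no libssl/libcrypto entries.
sample_static() {
    cat <<'EOF'
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000400000)
EOF
}

sample_private | check_ossl_libs /tmp/installOSSL && echo "private libssl/libcrypto in use"
```

On a real build the input would come from `LD_LIBRARY_PATH=/tmp/installOSSL/lib ldd /tmp/installOSSL/bin/openssl | check_ossl_libs /tmp/installOSSL`. A relative path such as `./lib/libssl.so.3` is reported as outside the prefix, because it depends on the current directory.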

@claucece
Contributor Author

claucece commented Mar 2, 2021

I'll be checking this here: https://github.com/claucece/go-exp

@claucece claucece closed this as completed Mar 2, 2021