
Commit

Add unittest for different openssl versions
This adds a unit test to compare a run against google with the supplied openssl
version vs /usr/bin/openssl.

This would fix #2626.

It looks like there are still points to clarify
* NPN output is different (bug)
* Newer openssl version claims it's ECDH 253 instead of ECDH 256.
* Newer openssl version claims for 130x cipher it's ECDH 253, via sockets it's ECDH/MLKEM. This seems a bug (@dcooper)

A todo is also restricting the unit test to the one where openssl is being used. E.g. the ROBOT check and more aren't done with openssl. So there's no value checking this here.
drwetter committed Jan 22, 2025
1 parent 17f2a5d commit a499233
Showing 1 changed file with 72 additions and 0 deletions.
72 changes: 72 additions & 0 deletions t/12_diff_opensslversions.t
@@ -0,0 +1,72 @@
#!/usr/bin/env perl

# Baseline diff test against testssl.sh (csv output)
#
# This runs a basic test with the supplied openssl vs /usr/bin/openssl

use strict;
use Test::More;
use Data::Dumper;
use Text::Diff;

my $tests = 0;
my $prg="./testssl.sh";
my $check2run="-q --ip=one --color 0 --csvfile";
my $csvfile="tmp.csv";
my $csvfile2="tmp2.csv";
my $cat_csvfile="";
my $cat_csvfile2="";
my $uri="google.com";
my $diff="";
my $distro_openssl="/usr/bin/openssl";

die "Unable to open $prg" unless -f $prg;
die "Unable to open $distro_openssl" unless -f $distro_openssl;

# Provide proper start conditions
unlink "tmp.csv";
unlink "tmp2.csv";

#1 run
printf "\n%s\n", "Diff test IPv4 with supplied openssl against \"$uri\"";
`$prg $check2run $csvfile $uri 2>&1`;

# 2
printf "\n%s\n", "Diff test IPv4 with $distro_openssl against \"$uri\"";
`$prg $check2run $csvfile2 --openssl=$distro_openssl $uri 2>&1`;

$cat_csvfile = `cat $csvfile`;
$cat_csvfile2 = `cat $csvfile2`;

# Filter for changes that are allowed to occur
$cat_csvfile =~ s/HTTP_clock_skew.*\n//g;
$cat_csvfile2 =~ s/HTTP_clock_skew.*\n//g;

# HTTP time
$cat_csvfile =~ s/HTTP_headerTime.*\n//g;
$cat_csvfile2 =~ s/HTTP_headerTime.*\n//g;

#engine_problem
$cat_csvfile =~ s/"engine_problem.*\n//g;
$cat_csvfile2 =~ s/"engine_problem.*\n//g;

# Nonce in CSP
$cat_csvfile =~ s/.nonce-.* //g;
$cat_csvfile2 =~ s/.nonce-.* //g;

$diff = diff \$cat_csvfile, \$cat_csvfile2;

# Compare the differences -- and print them if there were any
ok( $cat_csvfile eq $cat_csvfile2, "Check whether CSV outputs match" ) or
diag ("\n%s\n", "$diff");

#unlink "tmp.csv";
#unlink "tmp2.csv";

$tests++;
done_testing($tests);
printf "\n";


# vim:ts=5:sw=5:expandtab
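
Review bot: Nothing verifies that either testssl.sh run produced results before the comparison: the backtick calls under "#1 run" and "# 2" discard their output, so if both runs fail or write no CSV, the two cat calls return empty strings and ok( $cat_csvfile eq $cat_csvfile2, ... ) passes without having compared anything. Suggest adding a check that both $csvfile and $csvfile2 exist and are non-empty (for example with -s) before the diff, and failing the test otherwise. Two smaller points in the same file: diag ("\n%s\n", "$diff") hands a printf-style format to diag, which only concatenates its arguments, so the literal %s ends up in the diagnostic output; and the nonce filter s/.nonce-.* //g is greedy, so it deletes everything from the nonce up to the last space on that line and can mask real differences in the rest of the CSP finding. A match limited to the nonce token (non-greedy or \S-based) would avoid that.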
