test: Adds SSLv3 integ test #4372
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
goatgoose
approved these changes
Jan 24, 2024
dougch
approved these changes
Jan 25, 2024
|
|
||
| override_env_vars = dict() | ||
| override_env_vars["PATH"] = install_dir + "/bin" | ||
| override_env_vars["LD_LIBRARY_PATH"] = install_dir + "/lib" |
There was a problem hiding this comment.
Normally over-writing this is fraught with peril, but it looks like the framework gets away with it, so long as the process/ManagedProcess code only runs one binary and doesn't mess with the top level environment.
| @@ -5,7 +5,7 @@ skipsdist = True | |||
| [testenv] | |||
| # install pytest in the virtualenv where commands will be executed | |||
| setenv = S2N_INTEG_TEST = 1 | |||
| passenv = DYLD_LIBRARY_PATH, LD_LIBRARY_PATH, OQS_OPENSSL_1_1_1_INSTALL_DIR, HOME, TOX_TEST_NAME | |||
| passenv = DYLD_LIBRARY_PATH, LD_LIBRARY_PATH, OQS_OPENSSL_1_1_1_INSTALL_DIR, OPENSSL_1_0_2_INSTALL_DIR, HOME, TOX_TEST_NAME | |||
There was a problem hiding this comment.
The equivalent in nix will be an addition to the shellHook stanza, but let's do this as a future change.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolved issues:
Resolves #3810
Description of changes:
Adds an integ sslv3 test to our happy_path_test cases. I created a new provider called SSLv3Provider that only negotiates SSLv3. It's openssl 1.0.2, and I overrode the PATH and LD_LIBRARY env variables to get the test to actually use that version instead of the libssl default, openssl 1.1.1.
Call-outs:
The curves P-384 and P-521 can't be negotiated in SSLv3. This is because Openssl doesn't send any extensions in SSLv3 and so there's no way for the peer to know which curve is being negotiated. The curve P-256 will work however as it is the default.
Testing:
Link to the run that contains the passing SSLv3 tests. It's kind of hard to find since our codebuild jobs don't have descriptive names. You might have to search for "SSLv3Provider" to find the passing tests that I added.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.