Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(integV2): remove unused protocol in well-known-endpoints #4875

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

fix(integV2): remove unused protocol in well-known-endpoints #4875

wants to merge 4 commits into from

Conversation

jmayclin
Copy link
Contributor

@jmayclin jmayclin commented Nov 6, 2024
edited
Loading

Description of changes:

This test queries each endpoint more than necessary.

The current test runs once for each protocol/cipher tuple. But the protocol has little effect on the security policy selection, so there are lots of duplicate test runs.

s2n-tls/tests/integrationv2/providers.py

Lines 243 to 251 in 53691f9

# If the test provided a cipher (security policy) that is compatible with
# s2n, we'll use it. Otherwise, default to the appropriate `test_all` policy.
cipher_prefs = 'test_all_tls12'
if self.options.protocol is Protocols.TLS13:
cipher_prefs = 'test_all'
if self.options.cipher and self.options.cipher.s2n:
cipher_prefs = self.options.cipher.name
cmd_line.extend(['-c', cipher_prefs])

E.g, all of the following tuples have the same exact configuration, because of the cipher preferences override on line 249.

  • sslv3, pq-123,
  • tls 1.0, pq-123,
  • tls 1.1, pq-123
  • tls 1.2, pq-123,
  • tls 1.3, pq-123,

So each endpoint was queried 5 * 6 = 30 times, even though most queries were duplicates. After this change, each endpoints will only be queried 6 times.

I think that is still excessive, but this PR keeps coverage strictly the same, and only removes duplicated queries.

Testing:

Existing CI should pass

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jmayclin jmayclin marked this pull request as ready for review November 6, 2024 21:56
@github-actions github-actions bot added the s2n-core team label Nov 6, 2024
dougch
dougch reviewed Nov 6, 2024
View reviewed changes
Copy link
Contributor

@dougch dougch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Much faster, but I'm getting a noneType failure without this:

diff --git a/tests/integrationv2/utils.py b/tests/integrationv2/utils.py
index 3d7c20221..c96fb0d43 100644
--- a/tests/integrationv2/utils.py
+++ b/tests/integrationv2/utils.py
@@ -81,7 +81,7 @@ def invalid_test_parameters(*args, **kwargs):
             return True

     for provider_ in providers:
-        if not provider_.supports_protocol(protocol):
+        if protocol and not provider_.supports_protocol(protocol):
             return True

@jmayclin
handle undefined protocol.
a3f36ba 
I miss statically types languages.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dougch dougch dougch left review comments

@goatgoose goatgoose Awaiting requested review from goatgoose

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jmayclin @dougch