mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-30 20:31:15 +01:00
Add unittest for diffrent openssl versions
This adds a unit test to compare a run against google with the supplied openssl version vs /usr/bin/openssl . This would fix #2626. It looks like there are still points to clarify: * NPN output is different (bug) * Newer openssl version claims it's ECDH 253 instead of ECDH 256. * Newer openssl version claims for 130x cipher it's ECDH 253, via sockets it's ECDH/MLKEM. This seems a bug (@dcooper) A todo is also restricting the unit test to the ones where openssl is being used. E.g. the ROBOT check and more aren't done with openssl. So there's no value checking this here.
parent
17f2a5d5b9
commit
a499233df2
72
t/12_diff_opensslversions.t
Executable file
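--- a/t/12_diff_opensslversions.t
+++ b/t/12_diff_opensslversions.t
@@ -0,0 +1,72 @@
+#!/usr/bin/env perl
+
+# Baseline diff test against testssl.sh (csv output)
+#
+# This runs a basic test with the supplied openssl vs /usr/bin/openssl
+
+use strict;
+use Test::More;
+use Data::Dumper;
+use Text::Diff;
+
+my $tests = 0;
+my $prg="./testssl.sh";
+my $check2run="-q --ip=one --color 0 --csvfile";
+my $csvfile="tmp.csv";
+my $csvfile2="tmp2.csv";
+my $cat_csvfile="";
+my $cat_csvfile2="";
+my $uri="google.com";
+my $diff="";
+my $distro_openssl="/usr/bin/openssl";
+
+die "Unable to open $prg" unless -f $prg;
+die "Unable to open $distro_openssl" unless -f $distro_openssl;
+
+# Provide proper start conditions
+unlink "tmp.csv";
+unlink "tmp2.csv";
+
+#1 run
+printf "\n%s\n", "Diff test IPv4 with supplied openssl against \"$uri\"";
+`$prg $check2run $csvfile $uri 2>&1`;
+
+# 2
+printf "\n%s\n", "Diff test IPv4 with $distro_openssl against \"$uri\"";
+`$prg $check2run $csvfile2 --openssl=$distro_openssl $uri 2>&1`;
+
+$cat_csvfile = `cat $csvfile`;
+$cat_csvfile2 = `cat $csvfile2`;
+
+# Filter for changes that are allowed to occur
+$cat_csvfile =~ s/HTTP_clock_skew.*\n//g;
+$cat_csvfile2 =~ s/HTTP_clock_skew.*\n//g;
+
+# HTTP time
+$cat_csvfile =~ s/HTTP_headerTime.*\n//g;
+$cat_csvfile2 =~ s/HTTP_headerTime.*\n//g;
+
+#engine_problem
+$cat_csvfile =~ s/"engine_problem.*\n//g;
+$cat_csvfile2 =~ s/"engine_problem.*\n//g;
+
+# Nonce in CSP
+$cat_csvfile =~ s/.nonce-.* //g;
+$cat_csvfile2 =~ s/.nonce-.* //g;
+
+$diff = diff \$cat_csvfile, \$cat_csvfile2;
+
+# Compare the differences -- and print them if there were any
+ok( $cat_csvfile eq $cat_csvfile2, "Check whether CSV outputs match" ) or
+diag ("\n%s\n", "$diff");
+
+#unlink "tmp.csv";
+#unlink "tmp2.csv";
+
+$tests++;
+done_testing($tests);
+printf "\n";
+
+
+# vim:ts=5:sw=5:expandtab
+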
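Review bot: The final comparison can pass without having compared anything. Both backtick runs of `$prg` discard their output and exit status, so if testssl.sh fails or the target is unreachable, the two `cat` calls yield empty strings and `ok( $cat_csvfile eq $cat_csvfile2, ... )` succeeds. A guard before the `cat` calls closes this, e.g. `die "No CSV output from run 1" unless -s $csvfile;` and the same for `$csvfile2`. On a mismatch, `diag ("\n%s\n", "$diff")` prints a literal `%s` because diag concatenates its arguments rather than formatting them; `diag("\n$diff\n")` is presumably what was meant. The nonce filter `s/.nonce-.* //g` is greedy and strips everything up to the last space on the line, which may hide genuine differences in that finding; a narrower `s/.nonce-\S* //g` would remove only the nonce token, assuming it contains no spaces.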