From a499233df23d35b45e0e29895d4e1925a38bacb1 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Wed, 22 Jan 2025 18:12:53 +0100
Subject: [PATCH] Add unittest for diffrent openssl versions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This adds a unit test to compare a run against google with the supplied openssl version vs /usr/bin/openssl . This would fix #2626. It looks like there are still points to clarify * NPN output is different (bug) * Newer openssl version claims it's ECDH 253 instead of ECDH 256. * Newer openssl version claims for 130x cipher it's ECDH 253, via sockets it´s ECDH/MLKEM. This seems a bug (@dcooper) A todo is also restricing the unit test to the one where openssl is being used. E.g. the ROBOT check and more aren't done with openssl. So there's no value checking this here.
---
 t/12_diff_opensslversions.t | 72 +++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100755 t/12_diff_opensslversions.t
diff --git a/t/12_diff_opensslversions.t b/t/12_diff_opensslversions.t
new file mode 100755
index 0000000..883ba17
--- /dev/null
+++ b/t/12_diff_opensslversions.t
@@ -0,0 +1,72 @@
+#!/usr/bin/env perl
+
+# Baseline diff test against testssl.sh (csv output)
+#
+# This runs a basic test with the supplied openssl vs /usr/bin/openssl
+
+use strict;
+use Test::More;
+use Data::Dumper;
+use Text::Diff;
+
+my $tests = 0;
+my $prg="./testssl.sh";
+my $check2run="-q --ip=one --color 0 --csvfile";
+my $csvfile="tmp.csv";
+my $csvfile2="tmp2.csv";
+my $cat_csvfile="";
+my $cat_csvfile2="";
+my $uri="google.com";
+my $diff="";
+my $distro_openssl="/usr/bin/openssl";
+
+die "Unable to open $prg" unless -f $prg;
+die "Unable to open $distro_openssl" unless -f $distro_openssl;
+
+# Provide proper start conditions
+unlink "tmp.csv";
+unlink "tmp2.csv";
+
+#1 run
+printf "\n%s\n", "Diff test IPv4 with supplied openssl against \"$uri\"";
+`$prg $check2run $csvfile $uri 2>&1`;
+
+# 2
+printf "\n%s\n", "Diff test IPv4 with $distro_openssl against \"$uri\"";
+`$prg $check2run $csvfile2 --openssl=$distro_openssl $uri 2>&1`;
+
+$cat_csvfile = `cat $csvfile`;
+$cat_csvfile2 = `cat $csvfile2`;
+
+# Filter for changes that are allowed to occur
+$cat_csvfile =~ s/HTTP_clock_skew.*\n//g;
+$cat_csvfile2 =~ s/HTTP_clock_skew.*\n//g;
+
+# HTTP time
+$cat_csvfile =~ s/HTTP_headerTime.*\n//g;
+$cat_csvfile2 =~ s/HTTP_headerTime.*\n//g;
+
+#engine_problem
+$cat_csvfile =~ s/"engine_problem.*\n//g;
+$cat_csvfile2 =~ s/"engine_problem.*\n//g;
+
+# Nonce in CSP
+$cat_csvfile =~ s/.nonce-.* //g;
+$cat_csvfile2 =~ s/.nonce-.* //g;
+
+$diff = diff \$cat_csvfile, \$cat_csvfile2;
+
+# Compare the differences -- and print them if there were any
+ok( $cat_csvfile eq $cat_csvfile2, "Check whether CSV outputs match" ) or
+ diag ("\n%s\n", "$diff");
+
+#unlink "tmp.csv";
+#unlink "tmp2.csv";
+
+$tests++;
+done_testing($tests);
+printf "\n";
+
+
+# vim:ts=5:sw=5:expandtab
+
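Review bot: The final `ok( $cat_csvfile eq $cat_csvfile2, ... )` passes vacuously when both testssl.sh runs fail, because neither backtick call's exit status nor the existence of the CSV files is checked; with no network or a scan error both `cat` captures are empty strings and compare equal. For a test meant to catch behavioural drift between OpenSSL builds that is false assurance, so add `die "No CSV output from $prg" unless -s $csvfile && -s $csvfile2;` before the two `cat` lines. Separately, `diag` is not printf-style, so `diag ("\n%s\n", "$diff")` prints a literal `%s`; `diag("\n$diff\n");` looks like what is intended. The greedy filter `s/.nonce-.* //g` can also remove everything up to the last space on the line and so may hide a real difference in the rest of the CSP finding; `s/.nonce-\S* //g` would likely be tighter, to be confirmed against real output.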