On 04/06/14 23:29, Kurt Roeckx wrote: > On Mon, Jun 02, 2014 at 10:38:05AM -0400, Mike Bland wrote: >> It seems that the encryption algorithms themselves are relatively >> well-tested; in contrast, Heartbleed was an infrastructure bug. It's >> in shoring up the test coverage of the infrastructure bits where I can >> be of most direct service, but I'm hoping others may see opportunities >> to apply similar techniques to more advanced testing issues. > > As far as I know the test covering SSL now try to set up a server > and client with various options and see that they can connect to > each other. It only seems to be testing the happy path. I would > like to see more tests covering the non-happy path. That of > course also goes for all crypto related things.
That is definitely where the high value will be obtained. But that's a hard problem I think to start with. It might be better to start with something simpler - at least until the team is established and has figured out ways of working. Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org