On Wed, 15 Jan 2025, Stephen Farrell via curl-library wrote:
> I'd like to add some tests that exercise the experimental ECH feature, but haven't done anything much on that as it seems like it'd be a lot of work to add an ECH-enabled TLS server to the test harness. So I'm looking for ideas on what to do there if someone has any...
It would indeed be good to have a proper server implementation so that we can verify the client side.
Would it be hard to write our own stunnel-like TLS server that supports ECH? Having our own test server for this would be great as that would also allow us to do tests with slightly broken or slow responses etc.
For testing purposes a server implementation might also be allowed to take some shortcuts.
> One possibility, but maybe a bad idea, might be to use lighttpd as a server - that now also has experimental ECH code, but downloading and building that as part of a curl test also seems a bit OTT.
It would be a little bit quirky, yes. I noticed you've done some work on an Apache patch. Since we already run Apache for some tests, maybe that is a more sensible route?
> Using an external server could be done, but is obviously vulnerable to bitrot
External servers are complicated to use for testing in the long run and even in the short term for the set of users who can't access the outside when running the tests.
--
 / daniel.haxx.se || https://rock-solid.curl.dev