On 22.01.2019 at 20:54, Adam Langley wrote:
> On Tue, Jan 22, 2019 at 11:45 AM Aleksandar Lazic <[email protected]> wrote:
>> Can it be reused to test a specific server like?
>>
>> ssl/test/runner/runner -test "KeyUpdate-ToServer" 127.0.0.1:8443
> 
> Not easily: it drives the implementation under test by forking a
> process and has quite a complex interface via command-line arguments.
> (I.e. 
> https://boringssl.googlesource.com/boringssl/+/eadef4730e66f914d7b9cbb2f38ecf7989f992ed/ssl/test/test_config.h)
> 
>> or should a small C/Go program be used for that test?
> 
> You could easily tweak transport_common.cc to call SSL_key_update
> before each SSL_write or so.

Great.

To be on the safe side, I would like to add the following lines

###
if (!SSL_key_update(ssl, SSL_KEY_UPDATE_NOT_REQUESTED)) {
  fprintf(stderr, "SSL_key_update failed.\n");
  return false;
}
###

before this line.

https://boringssl.googlesource.com/boringssl/+/master/tool/transport_common.cc#706

Sorry for my dumb question, I just want to be safe not to break something.

It would be nice to have the option '-key-update' in client.cc and server.cc.
Where can I put this feature request for BoringSSL?

That would make the test easy with this command.

`./tool/bssl s_client -key-update -connect $test-haproxy-instance`

> Cheers
> 
> AGL

Regards
Aleks
