On Tue, 2015-03-03 at 14:43 +0000, Matt Caswell wrote:
> > It's the wrong thing to test against *anyway* since there are plenty of
> > failure modes in which a regression could be introduced in generic code
> > and OpenSSL would remain compatible with *itself* anyway.
> >
> > So I'm torn between doing a minimal reimplementation of the server side
> > and making OpenSSL talk to that, or a dirty replay attack such as the
> > one I had when I was first working it out:
> > http://david.woodhou.se/dtls-test.c
>
> The minimal reimplementation sounds like it might be the more flexible
> base to work from (and could even be the basis for future DTLSv1/1.2
> tests). But it also sounds like quite a bit more work to me. Either way,
> having *some* tests has got to be a lot better than *no* tests like we
> have now!

I don't know whether you'd like to depend on gnutls for testing, but I
have a test of most ciphersuites [0] in common under various protocols
between openssl and gnutls. That currently doesn't cope with DTLS0.9
(gnutls' name of DTLS_BAD_VER), but could easily extend to handle it.

regards,
Nikos

[0]. https://gitorious.org/gnutls/gnutls/source/3754af1c694c829c89ea7865ac1718a763c682c4:tests/suite/testcompat-main-openssl
