Hello, I've been troubleshooting a few problems with ucspi-ssl<http://www.superscript.com/ucspi-ssl/index.html> interoperating with particular SSL implementations. I am not encountering bugs in openssl itself, but rather bugs in the implementation of the client or server.
I was wondering if there is any standard way to do interoperability testing with SSL clients and servers, to be as confident as possible that it will work with as many other systems as possible? For example, is there a widely used test suite or "torture-test" program that will flush out most common bugs? Or do people mostly rely on manual testing and beta testers to help identify interoperability problems? Also, is there any sort of standard debugging/logging facility when testing a program that uses openssl, that would log calls into and returns from the OpenSSL library? Something like the "-debug" flag to "openssl s_client" does? I am finding myself putting tons of little logging messages into the client while investigating these problems, and am wondering if I am missing an easier way. In particular, it would be nice to have a trace that would be well-understood on the mailing list, and would make it clear what the program was doing without having to get into the source code. Thanks for any tips! -----Scott.
