Add unittest for diffrent openssl versions

drwetter · drwetter · commit a499233df23d · 2025-01-22T18:12:53.000+01:00
This adds a unit test to compare a run against google with the supplied openssl version vs /usr/bin/openssl . This would fix #2626. It looks like there are still points to clarify * NPN output is different (bug) * Newer openssl version claims it's ECDH 253 instead of ECDH 256. * Newer openssl version claims for 130x cipher it's ECDH 253, via sockets it´s ECDH/MLKEM. This seems a bug (@dcooper) A todo is also restricing the unit test to the one where openssl is being used. E.g. the ROBOT check and more aren't done with openssl. So there's no value checking this here.
diff --git a/t/12_diff_opensslversions.t b/t/12_diff_opensslversions.t
@@ -0,0 +1,72 @@
+#!/usr/bin/env perl
+
+# Baseline diff test against testssl.sh (csv output)
+#
+# This runs a basic test with the supplied openssl vs /usr/bin/openssl
+
+use strict;
+use Test::More;
+use Data::Dumper;
+use Text::Diff;
+
+my $tests = 0;
+my $prg="./testssl.sh";
+my $check2run="-q --ip=one --color 0 --csvfile";
+my $csvfile="tmp.csv";
+my $csvfile2="tmp2.csv";
+my $cat_csvfile="";
+my $cat_csvfile2="";
+my $uri="google.com";
+my $diff="";
+my $distro_openssl="/usr/bin/openssl";
+
+die "Unable to open $prg" unless -f $prg;
+die "Unable to open $distro_openssl" unless -f $distro_openssl;
+
+# Provide proper start conditions
+unlink "tmp.csv";
+unlink "tmp2.csv";
+
+#1 run
+printf "\n%s\n", "Diff test IPv4 with supplied openssl against \"$uri\"";
+`$prg $check2run $csvfile $uri 2>&1`;
+
+# 2
+printf "\n%s\n", "Diff test IPv4 with $distro_openssl against \"$uri\"";
+`$prg $check2run $csvfile2 --openssl=$distro_openssl $uri 2>&1`;
+
+$cat_csvfile  = `cat $csvfile`;
+$cat_csvfile2 = `cat $csvfile2`;
+
+# Filter for changes that are allowed to occur
+$cat_csvfile  =~ s/HTTP_clock_skew.*\n//g;
+$cat_csvfile2 =~ s/HTTP_clock_skew.*\n//g;
+
+# HTTP time
+$cat_csvfile  =~ s/HTTP_headerTime.*\n//g;
+$cat_csvfile2 =~ s/HTTP_headerTime.*\n//g;
+
+#engine_problem
+$cat_csvfile  =~  s/"engine_problem.*\n//g;
+$cat_csvfile2  =~ s/"engine_problem.*\n//g;
+
+# Nonce in CSP
+$cat_csvfile  =~ s/.nonce-.* //g;
+$cat_csvfile2 =~ s/.nonce-.* //g;
+
+$diff = diff \$cat_csvfile, \$cat_csvfile2;
+
+# Compare the differences -- and print them if there were any
+ok( $cat_csvfile eq $cat_csvfile2, "Check whether CSV outputs match" ) or
+     diag ("\n%s\n", "$diff");
+
+#unlink "tmp.csv";
+#unlink "tmp2.csv";
+
+$tests++;
+done_testing($tests);
+printf "\n";
+
+
+#  vim:ts=5:sw=5:expandtab
+
