[Mono-dev] Integration Tests
Edward Ned Harvey (mono)
edward.harvey.mono at clevertrove.com
Thu Feb 5 13:45:11 UTC 2015
> From: Miguel de Icaza [mailto:miguel at xamarin.com]
>
> • We are setting up a more comprehensive harness for SSL/TLS tests that do
> not depend on remote servers.
This is much appreciated, thank you very much. There is one thing you didn't mention:
As far as I can tell, no mono developer has ever tested the real world use case of SslStream.AuthenticateAsServer with an intermediate cert connecting to SslStream.AuthenticateAsClient. As far as I can tell, no mono developer has ever bothered to run the test I provided in the pull request. The end result is that mono's implementation of SslStream.AuthenticateAsServer is simply broken, not usable, has never worked, still broken today. I have a dirty hacked fork of mono that made it work, but those changes not suitable for pull into mono (see: dirty, hacked).
If it helps, I wrote a script that automates the creation of a root CA, intermediate, and signing of a server cert, suitable to be used in such a test. Even if the script doesn't get run automatically in the build process, it's perfectly acceptable to generate certs in advance and hard-code them into the tests, as is done in existing pull-request test today.
The script is here:
https://github.com/rahvee/MonoSslStreamServerBug/blob/master/certs/junkca.sh
And having used the above script to generate some certs, a hard-coded result is stored here:
https://github.com/rahvee/mono/commit/02ae92b34f47779c1962d38ffdcf6e732f10b063#diff-05497f49a91426be05c25bbebc4e3a59R59
There is no reasonable reason to expect it to ever work, if it's not tested.
More information about the Mono-devel-list
mailing list