[Mono-dev] Integration Tests

Edward Ned Harvey (mono) edward.harvey.mono at clevertrove.com
Thu Feb 5 13:45:11 UTC 2015

> From: Miguel de Icaza [mailto:miguel at xamarin.com]
> • We are setting up a more comprehensive harness for SSL/TLS tests that do
> not depend on remote servers.

This is much appreciated, thank you very much.  There is one thing you didn't mention:

As far as I can tell, no mono developer has ever tested the real world use case of SslStream.AuthenticateAsServer with an intermediate cert connecting to SslStream.AuthenticateAsClient.  As far as I can tell, no mono developer has ever bothered to run the test I provided in the pull request.  The end result is that mono's implementation of SslStream.AuthenticateAsServer is simply broken, not usable, has never worked, still broken today.  I have a dirty hacked fork of mono that made it work, but those changes not suitable for pull into mono (see: dirty, hacked).

If it helps, I wrote a script that automates the creation of a root CA, intermediate, and signing of a server cert, suitable to be used in such a test.  Even if the script doesn't get run automatically in the build process, it's perfectly acceptable to generate certs in advance and hard-code them into the tests, as is done in existing pull-request test today.

The script is here:

And having used the above script to generate some certs, a hard-coded result is stored here:

There is no reasonable reason to expect it to ever work, if it's not tested.

More information about the Mono-devel-list mailing list