tests: add BetterTLS path building test suite. #116
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cpu
commented
Jul 6, 2023
This commit introduces the Netflix BetterTLS[0]'s path building test suite to the webpki integration tests. This project has a test runner for Rustls that will stand up TLS servers to exercise these tests but: * It requires Go. * It needs Rustls in order to do a full TLS handshake with the test servers. * It's slower than testing the path building directly without the TLS bits. To avoid these issues this commit takes a different approach and vendors the exported path building test suite. This is a supported feature[1] of the upstream project and allow us to directly test webpki's path building against the test suite without needing Rustls or Go. [0]: https://github.com/Netflix/bettertls [1]: https://github.com/Netflix/bettertls#exporting-tests-to-run-outside-of-the-bettertls-executor
Codecov Report
@@ Coverage Diff @@
## main #116 +/- ##
==========================================
+ Coverage 95.36% 95.69% +0.32%
==========================================
Files 15 15
Lines 3346 3346
==========================================
+ Hits 3191 3202 +11
+ Misses 155 144 -11 see 4 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
ctz
approved these changes
Jul 6, 2023
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit introduces the Netflix BetterTLS project's path building test suite to the webpki integration tests. I think we can also look at adding some of the other test suites (there's some good stuff for name constraints for example) but path building is the place where I feel like we have the least coverage today.
This project has a test runner for Rustls that will stand up TLS servers to exercise these tests but:
To avoid these issues this commit takes a different approach and vendors the exported path building test suite. This is a supported feature of the upstream project and allows us to directly test webpki's path building against the test suite without needing Rustls or Go.