From 7356c086c4797aa677a141f9f7bfbd16e0d19c63 Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Mon, 1 Apr 2024 16:30:36 -0700 Subject: [PATCH 1/6] skip bad test --- tests/tls_handler_test.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c index 1a7f94ddf..504cb19a7 100644 --- a/tests/tls_handler_test.c +++ b/tests/tls_handler_test.c @@ -1309,7 +1309,10 @@ AWS_STATIC_STRING_FROM_LITERAL(s_uncommon_rsa8192_host_name, "rsa8192.badssl.com static int s_tls_client_channel_negotiation_success_rsa8192_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - return s_verify_good_host(allocator, s_uncommon_rsa8192_host_name, 443, NULL); + // The certificate for rsa8192.badssl.com is expired. Disable this test until they renew the test or we find a + // better alternative. + // s_verify_good_host(allocator, s_uncommon_rsa8192_host_name, 443, NULL) + return AWS_OP_SKIP; } AWS_TEST_CASE(tls_client_channel_negotiation_success_rsa8192, s_tls_client_channel_negotiation_success_rsa8192_fn) From 470769fbd9573ceba48fd18128fe3618ee448ecb Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Mon, 1 Apr 2024 16:33:35 -0700 Subject: [PATCH 2/6] unused warning fix --- tests/tls_handler_test.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c index 504cb19a7..a0b0ff18f 100644 --- a/tests/tls_handler_test.c +++ b/tests/tls_handler_test.c @@ -1309,6 +1309,7 @@ AWS_STATIC_STRING_FROM_LITERAL(s_uncommon_rsa8192_host_name, "rsa8192.badssl.com static int s_tls_client_channel_negotiation_success_rsa8192_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; + (void)s_uncommon_rsa8192_host_name; // The certificate for rsa8192.badssl.com is expired. Disable this test until they renew the test or we find a // better alternative. // s_verify_good_host(allocator, s_uncommon_rsa8192_host_name, 443, NULL) From 0fc94d27b87046dc7203ffba13682343f8fd2660 Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Mon, 1 Apr 2024 16:34:28 -0700 Subject: [PATCH 3/6] Fix comment --- tests/tls_handler_test.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c index a0b0ff18f..61495a91a 100644 --- a/tests/tls_handler_test.c +++ b/tests/tls_handler_test.c @@ -1310,9 +1310,8 @@ AWS_STATIC_STRING_FROM_LITERAL(s_uncommon_rsa8192_host_name, "rsa8192.badssl.com static int s_tls_client_channel_negotiation_success_rsa8192_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; (void)s_uncommon_rsa8192_host_name; - // The certificate for rsa8192.badssl.com is expired. Disable this test until they renew the test or we find a - // better alternative. - // s_verify_good_host(allocator, s_uncommon_rsa8192_host_name, 443, NULL) + // The certificate for rsa8192.badssl.com is expired. Disable this test until they renew the certificate or we find + // a better alternative. s_verify_good_host(allocator, s_uncommon_rsa8192_host_name, 443, NULL) return AWS_OP_SKIP; } From ecf2f82ca4f02607f6f5804fbebf2438fe0e6ede Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Mon, 1 Apr 2024 17:11:20 -0700 Subject: [PATCH 4/6] Return AWS_OP_SUCCESS. Skip still counts as failure. --- tests/tls_handler_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c index 61495a91a..bbf694bcc 100644 --- a/tests/tls_handler_test.c +++ b/tests/tls_handler_test.c @@ -1312,7 +1312,7 @@ static int s_tls_client_channel_negotiation_success_rsa8192_fn(struct aws_alloca (void)s_uncommon_rsa8192_host_name; // The certificate for rsa8192.badssl.com is expired. Disable this test until they renew the certificate or we find // a better alternative. s_verify_good_host(allocator, s_uncommon_rsa8192_host_name, 443, NULL) - return AWS_OP_SKIP; + return AWS_OP_SUCCESS; } AWS_TEST_CASE(tls_client_channel_negotiation_success_rsa8192, s_tls_client_channel_negotiation_success_rsa8192_fn) From 2bcff65789b4c89f1f7157418a3058d521dc02e1 Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Tue, 2 Apr 2024 09:15:23 -0700 Subject: [PATCH 5/6] another warning fix --- tests/tls_handler_test.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c index bbf694bcc..a9ac2ff43 100644 --- a/tests/tls_handler_test.c +++ b/tests/tls_handler_test.c @@ -1310,6 +1310,7 @@ AWS_STATIC_STRING_FROM_LITERAL(s_uncommon_rsa8192_host_name, "rsa8192.badssl.com static int s_tls_client_channel_negotiation_success_rsa8192_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; (void)s_uncommon_rsa8192_host_name; + (void)allocator; // The certificate for rsa8192.badssl.com is expired. Disable this test until they renew the certificate or we find // a better alternative. s_verify_good_host(allocator, s_uncommon_rsa8192_host_name, 443, NULL) return AWS_OP_SUCCESS; From ba77633965629110027a0cbf29267fa19070d0cb Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Khan Date: Tue, 2 Apr 2024 12:37:14 -0700 Subject: [PATCH 6/6] Skip in cmake --- tests/CMakeLists.txt | 4 ++-- tests/tls_handler_test.c | 6 +----- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 5fbdb96aa..e2c3902dc 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -183,13 +183,13 @@ if(NOT BYO_CRYPTO) # Badssl - Secure uncommon suite # We skip 10000san for now as its unclear the point or relevance especially with respect to the OS-based # TLS implementations - # We skip 1000san, sha384 and sha512 because the public badssl certificate is expired and we haven't migrated to + # We skip 1000san, sha384, rsa8192 and sha512 because the public badssl certificate is expired and we haven't migrated to # internal hosting yet # We also defer the incomplete chain test for now until we can do some further study on how to get it to # properly fail on windows and osx. # add_net_test_case(tls_client_channel_negotiation_success_sha384) # add_net_test_case(tls_client_channel_negotiation_success_sha512) - add_net_test_case(tls_client_channel_negotiation_success_rsa8192) + # add_net_test_case(tls_client_channel_negotiation_success_rsa8192) add_net_test_case(tls_client_channel_negotiation_error_no_subject) add_net_test_case(tls_client_channel_negotiation_success_no_verify_no_subject) add_net_test_case(tls_client_channel_negotiation_error_no_common_name) diff --git a/tests/tls_handler_test.c b/tests/tls_handler_test.c index a9ac2ff43..1a7f94ddf 100644 --- a/tests/tls_handler_test.c +++ b/tests/tls_handler_test.c @@ -1309,11 +1309,7 @@ AWS_STATIC_STRING_FROM_LITERAL(s_uncommon_rsa8192_host_name, "rsa8192.badssl.com static int s_tls_client_channel_negotiation_success_rsa8192_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - (void)s_uncommon_rsa8192_host_name; - (void)allocator; - // The certificate for rsa8192.badssl.com is expired. Disable this test until they renew the certificate or we find - // a better alternative. s_verify_good_host(allocator, s_uncommon_rsa8192_host_name, 443, NULL) - return AWS_OP_SUCCESS; + return s_verify_good_host(allocator, s_uncommon_rsa8192_host_name, 443, NULL); } AWS_TEST_CASE(tls_client_channel_negotiation_success_rsa8192, s_tls_client_channel_negotiation_success_rsa8192_fn)