Closed toidiu closed 1 month ago
During review, we discovered that some tests in fact do want to test the "default" policy. This means that pinning these policies would result in a testing regression. Closing this PR until we have a better path forward.
TODO: revert auto-gen script commit prior to merging.
https://github.com/aws/s2n-tls/issues/4765
Description of changes:
As part of adding TLS 1.3 support to the "default" and "default_fips" policies, we need to detect and amend implicit use of the "default" policy in tests. This occurs since s2n_config_new() (also s2n_connection_new(), but that will be a separate PR) is initialized with the "default" policy by default. The solution is to auto-insert code which pins the security policy on the config to a numbered policy, e.g.:
EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "20240501"));
Callout
Manual changes to prepare for the auto-generation script are in commit
Auto-insertion script is in commit.
Test fixup via the auto-insertion script is in commit
Testing:
Tests should continue to pass.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
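
An added example of the auto-insertion described above, not the script from this PR: it pins a numbered policy after each `s2n_config_new()` call in a test source unless the test already sets its own policy. The function name `pin_default_policy`, the three-line lookahead, and the sample test body are assumptions made for illustration.

```python
import re

# Added illustration (not the PR's script). Matches "<var> = s2n_config_new()"
# in declarations, plain assignments, and inside test macros such as
# EXPECT_NOT_NULL(...) or DEFER_CLEANUP(...).
NEW_CONFIG = re.compile(r"(\w+)\s*=\s*s2n_config_new\(\)")
LOOKAHEAD = 3  # assumption: an explicit policy is set within 3 lines if at all


def pin_default_policy(source, policy="20240501"):
    """Pin configs that would inherit "default"; return (patched, review_lines)."""
    lines = source.split("\n")
    out, review = [], []
    for i, line in enumerate(lines):
        out.append(line)
        m = NEW_CONFIG.search(line)
        if not m:
            continue
        var = m.group(1)
        if not line.rstrip().endswith(";"):
            # Statement spans several lines: flag it instead of guessing.
            review.append(i + 1)
            continue
        setter = re.compile(r"s2n_config_set_cipher_preferences\(\s*%s\s*," % re.escape(var))
        if any(setter.search(l) for l in lines[i + 1:i + 1 + LOOKAHEAD]):
            continue  # the test already chooses its own policy
        indent = line[:len(line) - len(line.lstrip())]
        out.append('%sEXPECT_SUCCESS(s2n_config_set_cipher_preferences(%s, "%s"));'
                   % (indent, var, policy))
    return "\n".join(out), review


# Constructed sample test body (not taken from the s2n-tls tree).
SAMPLE = """\
    struct s2n_config *config = s2n_config_new();
    EXPECT_NOT_NULL(config);

    DEFER_CLEANUP(struct s2n_config *server_config = s2n_config_new(), s2n_config_ptr_free);
    EXPECT_SUCCESS(s2n_config_set_cipher_preferences(server_config, "test_all"));

    EXPECT_NOT_NULL(client_config = s2n_config_new());
"""

if __name__ == "__main__":
    patched, review = pin_default_policy(SAMPLE)
    print(patched)
    print("needs manual review:", review)
```

Running it a second time over its own output inserts nothing, and call sites whose statement continues onto the next line are reported for manual review instead of being patched.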