Hey folks, With Ben Laurie's help, I recently contributed ssl/heartbeat_test.c, which is a unit test that acts as a regression test against the Heartbleed bug. I'd like to contribute more to the project in the coming months in terms of helping grow a robust suite of unit/integration/automated tests.
It seems that the encryption algorithms themselves are relatively well-tested; in contrast, Heartbleed was an infrastructure bug. It's in shoring up the test coverage of the infrastructure bits where I can be of most direct service, but I'm hoping others may see opportunities to apply similar techniques to more advanced testing issues. I'd like to make sure there are at least a handful of contributors who are willing to work closely with me to establish some new policies around unit testing and code reviews (e.g. no new non-trivial changes without tests; smaller, well-tested changes vs. monolithic, untested changes), in addition to the actual writing of tests. There'd be some tool setup and documentation work as well. The goal would be to help everyone learn effective unit testing strategies so that, over time, test coverage and code quality steadily improves. It will be a lengthy, imperfect process, but one that I believe will ultimately make a positive difference in the code base if people are willing to try it. My goal would be to help everyone learn to fish, to use the tired cliché. I currently have very little knowledge of the OpenSSL code base or community, and I don't have a ton of time to do all the heavy lifting by myself; nor do I think that being the lone "testing guy" would be the best use of my time or in the best interests of OpenSSL. However, I want to contribute however I can to help the community as a whole address this one particular issue, and to maximize the impact of my contributions. Happy to hear people's thoughts on this. If the uptake is positive, I can help organize the effort to get things moving soon. Thanks, Mike ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org