On Mon, Jun 02, 2014 at 10:38:05AM -0400, Mike Bland wrote: > It seems that the encryption algorithms themselves are relatively > well-tested; in contrast, Heartbleed was an infrastructure bug. It's > in shoring up the test coverage of the infrastructure bits where I can > be of most direct service, but I'm hoping others may see opportunities > to apply similar techniques to more advanced testing issues.
As far as I know the test covering SSL now try to set up a server and client with various options and see that they can connect to each other. It only seems to be testing the happy path. I would like to see more tests covering the non-happy path. That of course also goes for all crypto related things. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org