On 04/04/17 15:34, Thiago Arrais wrote: > Hmmm... The Getting Started page talks about writing test cases. > > It seems like a good start. Is there any area that needs special attention?
Actually I have a suggestion for a fairly small self-contained piece of work suitable for a starting project. The spec has this requirement: As of TLS 1.3, servers are permitted to send the "supported_groups" extension to the client. If the server has a group it prefers to the ones in the "key_share" extension but is still willing to accept the ClientHello, it SHOULD send "supported_groups" to update the client's view of its preferences; this extension SHOULD contain all groups the server supports, regardless of whether they are currently supported by the client. Clients MUST NOT act upon any information found in "supported_groups" prior to successful completion of the handshake, but MAY use the information learned from a successfully completed handshake to change what groups they use in their "key_share" extension in subsequent connections. At the moment we only ever send supported_groups client -> server. Never server -> client. I wouldn't worry about the client acting on this information at this stage. Just start with the server sending it if the selected key_share is not for the most preferred group. Hint: you will need to look at ssl/statem/extensions.c and you will also need to add code to ssl/statem/extensions_srvr.c. I strongly suggest you spend some time looking at some other github pull requests to get a feel for how our submission and review process works, and the kind of review comments that come up. You should also familiarise yourself with our coding style: https://www.openssl.org/policies/codingstyle.html All submissions should include tests. Adding something to test/recipes/70-test_tls13messages.t would probably be sufficient, i.e. a test to demonstrate that sending a preferred key_share results in no supported_groups extension in the EncryptedExtensions message, and then a test to demonstrate that sending an acceptable but non-preferred key_share results in the supported_groups extension being sent. If you are not already familiar with the TLSv1.3 spec then you will need to be. Make sure you read it through and gain a good understanding of it before you start. Matt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
