Re: ECH tests - any way to include some without having to add an ECH-enabled TLS server?
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 16 Jan 2025 23:39:18 +0100 (CET)
On Wed, 15 Jan 2025, Stephen Farrell via curl-library wrote:
> I'd like to add some tests that exercise the experimental ECH feature, but
> haven't done anything much on that as it seems like it'd be a lot of work to
> add an ECH-enabled TLS server to the test harness. So I'm looking for ideas
> on what to do there if someone has any...
It would indeed be good to have a proper server implementation so that we can
verify the client side.
Would it be hard to write our own stunnel-like TLS server that supports ECH?
Having our own test server for this would be great as that would also allow us
to do tests with slightly broken or slow responses etc.
For testing purposes a server implementation might also be allowed to take
some shortcuts.
> One possibility, but maybe a bad idea, might be to use lighttpd as a server
> - that now also has experimental ECH code, but downloading and building that
> as part of a curl test also seems a bit OTT.
It would be a little bit quirky, yes. I noticed you've done some work on an
Apache patch. Since we already run Apache for some tests, maybe that is a more
sensible route?
> Using an external server could be done, but is obviously vulnerable to
> bitrot
External servers are complicated to use for testing in the long run and even
in the short term for the set of users who can't access the outside when
running the tests.
--
 / daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2025-01-16