-
Notifications
You must be signed in to change notification settings - Fork 712
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: remove load system certs functionality for s2n_default_tls13_config #4897
Conversation
@@ -67,8 +64,13 @@ int s2n_fuzz_test(const uint8_t *buf, size_t len) | |||
POSIX_GUARD(s2n_stuffer_alloc(&fuzz_stuffer, len)); | |||
POSIX_GUARD(s2n_stuffer_write_bytes(&fuzz_stuffer, buf, len)); | |||
|
|||
DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free); | |||
EXPECT_NOT_NULL(config); | |||
POSIX_GUARD(s2n_config_set_cipher_preferences(config, "20240503")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yay for simplicity! The old function definitely seems a bit tricky.
It seems like there are two things the old function was doing, which were presumably important for some reason
- enabling TLS 1.3
- loading system certs
Can we call those out (+ why) in a comment here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Release Summary:
Resolved issues:
#4765
Description of changes:
I noticed that
s2n_config_testing_defaults_init_tls13_certs
was only being called from a single fuzz test and could be deleted if we pinned the test to use a new config with the same security policy (20240503
is the currentdefault_tls13
).Testing:
This PR refactors the fuzz test, which should continue to pass.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.