The Tests They are A-Changin’

An update to “A Trainy Rain Trip with Rustls and TryTLS”. Rustls now passes all current TryTLS tests. Still having fun.

About a week ago I posted about my experiences testing Rustls with TryTLS. A quick recap: Rustls is a TLS library written in the programming language Rust. TryTLS is a tool for testing TLS library implementations. The aim was to offer both perfectly cromulent TLS connections as well as some ungood ones to Rustls and observe how the library reacts. Rustls survived like a champ. Indeed, it turned out that the tests themselves needed some fine-tuning.

Today I’m happy to tell that some very fine tuning has taken place and Rustls passes all the current TryTLS tests.

What changed? Well, for one, there’s a new TryTLS version 0.3.6 that adds subjectAltNames to the certificates it generates on the fly. Furthermore, badtls.io (a totally separate and most excellent project which TryTLS shamelessly piggybacks on) added subjectAltNames to all of its pre-existing test certs. Shout out to wbond, the creator of not only badtls.io but also the oscrypto and certbuilder libraries, which TryTLS also uses!

So, there we go. Even if this time TryTLS could not inform Rustls’s development, Rustls did inform TryTLS’s development. Now TryTLS can better help other TLS library developers push their implementation quality further. And round and round it goes. It’s pretty cool, really.

The software versions used were Rust 1.11.0, Rustls 0.1.2 and TryTLS 0.3.6.