[GH-ISSUE #134] Remove key generation from tests #361

New issue

Open

opened 2026-03-15 22:09:19 +03:00 by kerem · 8 comments

kerem commented 2026-03-15 22:09:19 +03:00

Owner

Copy link

Originally created by @bluejekyll on GitHub (May 17, 2017).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/134

Instead checkin static keys to be used for all testing. This will allow OpenSSL to be dropped as a dependency for tests.

Originally created by @bluejekyll on GitHub (May 17, 2017). Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/134 Instead checkin static keys to be used for all testing. This will allow OpenSSL to be dropped as a dependency for tests.

kerem added the

cleanup

label 2026-03-15 22:09:19 +03:00

kerem commented 2026-03-15 22:09:29 +03:00

Author

Owner

Copy link

@bluejekyll commented on GitHub (Aug 24, 2017):

This should remove the requirement for OpenSSL as required dev-dependency.

<!-- gh-comment-id:324538685 --> @bluejekyll commented on GitHub (Aug 24, 2017): This should remove the requirement for OpenSSL as required dev-dependency.

kerem commented 2026-03-15 22:09:35 +03:00

Author

Owner

Copy link

@shammancer commented on GitHub (Aug 25, 2017):

Which tests would you want to remove OpenSSL from?

<!-- gh-comment-id:324803624 --> @shammancer commented on GitHub (Aug 25, 2017): Which tests would you want to remove OpenSSL from?

kerem commented 2026-03-15 22:09:40 +03:00

Author

Owner

Copy link

@shammancer commented on GitHub (Aug 25, 2017):

Why do you have so many different tls implementations?

<!-- gh-comment-id:324805072 --> @shammancer commented on GitHub (Aug 25, 2017): Why do you have so many different tls implementations?

kerem commented 2026-03-15 22:09:45 +03:00

Author

Owner

Copy link

@shammancer commented on GitHub (Aug 25, 2017):

Are the test just testing the same functionality in native-tls, rustls, client/src/tls?

<!-- gh-comment-id:324808428 --> @shammancer commented on GitHub (Aug 25, 2017): Are the test just testing the same functionality in native-tls, rustls, client/src/tls?

kerem commented 2026-03-15 22:09:50 +03:00

Author

Owner

Copy link

@bluejekyll commented on GitHub (Aug 25, 2017):

There are different TLS implementations for different situations. OpenSSL is the default, most general implementation. Rustls is a pure Rust implementation with a dependency on the ring library instead. NativeTLS allows the system default to be used. Each of these is valuable for different scenarios based on peoples needs.

In terms of proof of the DNSSec chain, it's currently split between requiring OpenSSL for some functions and ring for others.

In terms of private keys that are generated, and example is on

github.com/bluejekyll/trust-dns@26ce62f137/server/tests/common/authority.rs (L169)

If you run rg '::generate\(' **/*.rs at the root of the project, it will give a pretty decent list of what needs to be changed. (this uses ripgrep which can be installed with cargo install ripgrep if you're not familiar with it).

What I was thinking of doing for this, was to generate some RSA keys int /tests and use those by loading thing into each test as needed. Does that make sense?

<!-- gh-comment-id:324821433 --> @bluejekyll commented on GitHub (Aug 25, 2017): There are different TLS implementations for different situations. OpenSSL is the default, most general implementation. Rustls is a pure Rust implementation with a dependency on the *ring* library instead. NativeTLS allows the system default to be used. Each of these is valuable for different scenarios based on peoples needs. In terms of proof of the DNSSec chain, it's currently split between requiring OpenSSL for some functions and *ring* for others. In terms of private keys that are generated, and example is on https://github.com/bluejekyll/trust-dns/blob/26ce62f1372d70cd93ff3fdaecc3708da307315f/server/tests/common/authority.rs#L169 If you run `rg '::generate\(' **/*.rs ` at the root of the project, it will give a pretty decent list of what needs to be changed. (this uses ripgrep which can be installed with `cargo install ripgrep` if you're not familiar with it). What I was thinking of doing for this, was to generate some RSA keys int /tests and use those by loading thing into each test as needed. Does that make sense?

kerem commented 2026-03-15 22:09:55 +03:00

Author

Owner

Copy link

@briansmith commented on GitHub (Sep 22, 2017):

What I was thinking of doing for this, was to generate some RSA keys int /tests and use those by loading thing into each test as needed. Does that make sense?

Yes, that makes sense. In particular, I recommend generating them in PKCS#8 format because that's the format that every crypto library seems to natively support now.

Uncoincidentally, I wrote a guide to generating PKCS#8-formatted keys in all the necessary formats and key sizes (except legacy RSA key sizes) here: https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b

<!-- gh-comment-id:331574226 --> @briansmith commented on GitHub (Sep 22, 2017): > What I was thinking of doing for this, was to generate some RSA keys int /tests and use those by loading thing into each test as needed. Does that make sense? Yes, that makes sense. In particular, I recommend generating them in PKCS#8 format because that's the format that every crypto library seems to natively support now. Uncoincidentally, I wrote a guide to generating PKCS#8-formatted keys in all the necessary formats and key sizes (except legacy RSA key sizes) here: https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b

kerem commented 2026-03-15 22:10:00 +03:00

Author

Owner

Copy link

@briansmith commented on GitHub (Sep 22, 2017):

Also, in case you don't know, you can use include_bytes! to include a file as a &[u8] value. See the ring doc tests for examples.

<!-- gh-comment-id:331576980 --> @briansmith commented on GitHub (Sep 22, 2017): Also, in case you don't know, you can use `include_bytes!` to include a file as a `&[u8]` value. See the *ring* doc tests for examples.

kerem commented 2026-03-15 22:10:05 +03:00

Author

Owner

Copy link

@briansmith commented on GitHub (Oct 24, 2017):

Once this is done, all the ring tests can be run even when openssl is disabled. That should be done after this.

<!-- gh-comment-id:338873687 --> @briansmith commented on GitHub (Oct 24, 2017): Once this is done, all the *ring* tests can be run even when openssl is disabled. That should be done after this.

kerem referenced this issue 2026-03-16 02:03:30 +03:00

[PR #361] [MERGED] Upgrade tokio to 0.1.15 #1381

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

david/conformance-dnssec-negative-tests

prepare-0.26.1

release/0.26

query-api

opt-types

cname-nsec

no-cname-recursion

conformance-min-ttl

dname-base

drop-message-request

no-error-queries

cpu-sig0-rm-message-sig_dev

cpu-tsig-test-update_dev

windows-config

dnssec-net

release/0.25

opp-enc-persist

integration-test

cpu-tidying-recursor-opts_dev

happy-eyeballs

david/authoritative-zone-storage-trait

dnssec-ad

no-authority

release/0.24

pvdrz/remove-top-file

pvdrz/h3-handshake-timeout

pvdrz/quic-handshake-timeout

nxdomain-for-recursor

ja-test-merque-queue

ja-fix-ci-again

sz-add-ede-tests

sz-test-tc-bit-with-large-response

sz-fix-tokio-dependency

gh-2275-test-rrsig-signature

refactor-sign-zone-file

fix-1.79-cleanliness

update-nightly-hash

release/0.23

gh-pages

use-just-for-server-toml

release/0.22

revert-1874-cpu-zone-parse-default-class

disable-bind-compatibility-tests

disable-test_tls_client_stream_ipv4

update-native-tls-0.2.11

recursor-tests

fix-clippy-self

release/0.20

saethlin-fix-rdata-zero

release/0.19

flat_name

drop_unused_futures

release/0.18

release-r0.12-cs0.17

release/r0.12-cs0.17

trust-dns-book

r0.10

test-connections-not-dropped

fix_exec_status_on_rs_files

release-0.9

add-mutex-to-integration-tests

0.8_release

bfry/dns-crypt

v0.26.0

v0.26.0-beta.4

v0.26.0-beta.3

v0.26.0-beta.2

v0.26.0-beta.1

v0.26.0-alpha.1

v0.25.2

v0.25.1

v0.25.0

v0.24.4

v0.24.3

v0.25.0-alpha.5

v0.24.2

v0.25.0-alpha.4

v0.25.0-alpha.3

v0.25.0-alpha.2

v0.25.0-alpha.1

v0.24.1

v0.23.2

v0.24.0

v0.23.1

v0.23.0

v0.23.0-alpha.5

v0.23.0-alpha.4

v0.23.0-alpha.3

v0.22.1

v0.23.0-alpha.2

v0.23.0-alpha.1

v0.22.0

v0.21.2

v0.21.1

v0.21.0

v0.21.0-alpha.5

v0.20.4

v0.21.0-alpha.4

v0.21.0-alpha.3

v0.21.0-alpha.2

v0.21.0-alpha.1

v0.20.3

v0.20.2

v0.20.1

v0.19.7

v0.20.0

0.19.6

v0.20.0-alpha.3

v0.20.0-alpha.2

v0.20.0-alpha.1

0.19.5

0.19.4

0.19.3

0.19.0

0.18.1

0.18

0.18.0.alpha.2

r0.12_cs0.17

r0.11.1

cs0.16.1

r0.11

cs0.16

r0.10.1

r0.10.0

cs0.15.0

r0.9.1

v0.14.0

r0.9.0

r0.8.1

r0.8.0

v0.13.0

r0.7.0

c0.12.0

r0.6.0

r0.5.0

resolver.0.4.0

0.11.0

0.10.5

0.10.4

0.10.3

0.10.2

0.10.1

0.10.0

0.9.3

0.9.2

0.9.1

0.9.0

0.8.1

0.8.0

0.7.3

0.7.2

0.7.1

0.7.0

0.6.0

0.5.3

0.5.1

0.5.0

0.4.0

0.3.1

0.3.0

0.2.1

0.2.0

0.1.0

Labels

Clear labels   

blocked

  

breaking-change

  

bug

  

bug:critical

  

bug:tests

  

cleanup

  

compliance

  

compliance

  

compliance

  

crate:all

  

crate:client

  

crate:native-tls

  

crate:proto

  

crate:recursor

  

crate:resolver

  

crate:resolver

  

crate:rustls

  

crate:server

  

crate:util

  

dependencies

  

docs

  

duplicate

  

easy

  

easy

  

enhance

  

enhance

  

enhance

  

feature:dns-over-https

  

feature:dns-over-quic

  

feature:dns-over-tls

  

feature:dnsssec

  

feature:global_lb

  

feature:mdns

  

feature:tsig

  

features:edns

  

has workaround

  

ops

  

perf

  

platform:WASM

  

platform:android

  

platform:fuchsia

  

platform:linux

  

platform:macos

  

platform:windows

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

test

  

tools

  

tools

  

trust

  

unclear

  

wontfix

No labels

blocked

breaking-change

bug

bug:critical

bug:tests

cleanup

compliance

compliance

compliance

crate:all

crate:client

crate:native-tls

crate:proto

crate:recursor

crate:resolver

crate:resolver

crate:rustls

crate:server

crate:util

dependencies

docs

duplicate

easy

easy

enhance

enhance

enhance

feature:dns-over-https

feature:dns-over-quic

feature:dns-over-tls

feature:dnsssec

feature:global_lb

feature:mdns

feature:tsig

features:edns

has workaround

ops

perf

platform:WASM

platform:android

platform:fuchsia

platform:linux

platform:macos

platform:windows

pull-request

question

test

tools

tools

trust

unclear

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/hickory-dns#361

No description provided.