Re: [exim-dev] testsuite vs. gnutls

On 2012-04-25 at 21:09 +0100, Jeremy Harris wrote:
> Running the gnutls tests against the current git HEAD, there
> are many case output differences. Most (not all) look to be
> "cipher=TLS1.2:RSA_AES_256_CBC_SHA1:256" vs.
> "cipher=TLS-1.0:RSA_AES_256_CBC_SHA1:32".
>
> This feels like a normal sort of update-needed. However
> I'm not a user of gnutls so could be wrong. Is someone else
> who is one prepared to take this on?

It's a case of an update needed, I think as a result of PP/07. I fixed
the bit-count to be 8*byte-count, as it was a bug before. I needed to
canonicalise to get the correct bit count for feeding into Cyrus SASL as
the external SSF (and also exported as $tls_bits while I was at it).

The TLS1.2 part will be from PP/10 of the 4.77 release, which enabled
later versions of TLS.

I confess that I tend to only run the test suite against OpenSSL builds,
I need to sort out a better framework for building and testing against
mutually incompatible options. At this point, you're doing a better job
of running the test suite than I am.

-Phil