Unit Tests for Apache's mod_gnutls
==================================

Initial Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

There are a lot of ways that a TLS-capable web server can go wrong.  I
want to at least test for some basic/common configurations.


Running the tests
=================

from the top level of the source, just run:

 make check

from t/ (where this README is), just run:

 make

also from t/ you can also run specific tests (identified by number)
with:

 make t-3

This should be handy when you're just trying to experiment with a new
test and don't want to wait for the full test suite to run.


Adding a Test
=============

Please add more tests!

The simplest way to add a test is (from t/):

 ./newtest

This will prompt you for a simple name for the test and then copy a starting
set of files from tests/00_basic.


Implementation
==============

Each test consists of a directory in t/tests/, which will cause the
test suite to spin up an isolated apache instance and try to connect
to it with gnutls-cli and make a simple HTTP 1.1 request.

By default, these tests are expected to succeed, by having 

In each directory, you can put the following files:

 * apache.conf --  the apache configuration to be used

 * gnutls-cli.args --  the arguments to pass to gnutls-cli

 * input -- the full HTTP request (including the final blank line)

 * output [optional] -- the lines of this file will be checked against
   the same number of lines at the end of the output produced by the
   gnutls-cli process.

 * fail.server [optional] -- if this file exists, it means we expect
   the web server to fail to even start due to some serious
   configuration problem.

 * fail.client [optional] -- if this file exists, it means we expect
   the client to fail to fetch its file.  If you already have
   fail.server, do not also specify this; we know that a failed server
   should result in a failed file retrieval.


Robustness and Tuning
=====================

These tests aren't nearly as robust as i'd like them to be, but they
work for the moment and they're better than no tests at all.

Here are some things that you might want to tune based on your
expected setup (along with the variables that can be passed to "make
check" to adjust them):

 * they need a functioning loopback device and expect (by default) to
   have IPv6 functionality. [TEST_IP]

 * they expect (by default) the IPv6 loopback to have port 9932
   open. [TEST_PORT]

 * if a machine is particularly slow or under heavy load, it's
   possible that these tests will fail for timing
   reasons. [TEST_QUERY_DELAY (seconds for the http request to be sent
   and responded to)] and [TEST_GAP (seconds to wait between tests)]

 * they assume that the name "localhost" is associated with the IPv6
   loopback address [TEST_HOST]
