Investing in our test suite

OpenSSL Foundation has been awarded a significant grant from Nominet DNS Fund to improve our test suite in the OpenSSL Library. Testing coverage is one of our priority areas of focus for 2026, and we are grateful for this support, which will enable us to put focused effort on improving our test suite over a six month period. Specifically, this grant will help us put in place tools, mechanisms and frameworks to enable improved unit testing, memory validation testing, and mocking capabilities.

Nominet DNS Fund was launched in 2025 by Nominet, a public benefit company and the United Kingdom’s national domain name registry. This award comes from their first round of funding.

Paul Fletcher, CEO of Nominet shared, “The open source programs and maintainers who underpin the Domain Name System (DNS) often lack sufficient sustainable funding. When essential core infrastructure is struggling, this threatens the stability and security of the entire internet. As a public benefit company, we are trying to tackle these gaps by investing in essential open source components. We are pleased to be supporting OpenSSL Foundation’s work to improve its test suite, which will benefit the internet security of countless people around the world.”

The advisory panel who reviewed applications considered five assessment principles: public benefit, core need, proven use, the right people doing the work, and value and sustainability. 

The OpenSSL Library, which is co-managed by OpenSSL Foundation and OpenSSL Corporation, is a good match for all of these criteria. It is widely acknowledged as a critical component of the internet’s infrastructure. In particular, major DNS software components such as Bind, Unbound, and many others rely on OpenSSL to provide critical security features. The improvement of our test suite will have many long-term benefits, from catching bugs earlier to making changes safer. 

The Foundation has contracted Jakub Zelenka to undertake this work. Jakub has extensive experience with OpenSSL integrations, including long-term maintenance of the PHP OpenSSL extension and work involving PKCS#11 tooling. He has also introduced unit testing support in the PHP project and applied similar practices in other C libraries. 

“Bugs in OpenSSL could have significant consequences”, explains Matt Caswell, OpenSSL Foundation’s executive director. “As a core security library, OpenSSL is often processing sensitive data such as secret keys. Bugs may inadvertently expose these secret keys, or cause other significant impacts resulting in CVEs. By improving our test coverage we are seeking to catch and fix bugs before they cause problems. This will ultimately result in a more robust and secure DNS ecosystem.”

Amy O’Donnell, from Nominet’s social impact team, spoke more about the creation of Nominet DNS Fund in a talk at the FOSDEM’26 conference, which you can view online. 

The work being funded by Nominet DNS Fund is already underway and will continue into August 2026. While this funding will enable significant progress, there will still be more work to do. To learn how you can help fund future testing coverage improvements that are in our work plan for 2026, contact donate@openssl.foundation.