github.com/FISCO-BCOS/crypto@v0.0.0-20200202032121-bd8ab0b5d4f1/tls/handshake_client_test.go (about) 1 // Copyright 2010 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package tls 6 7 import ( 8 "bytes" 9 "crypto/rsa" 10 "github.com/FISCO-BCOS/crypto/x509" 11 "encoding/base64" 12 "encoding/binary" 13 "encoding/pem" 14 "errors" 15 "fmt" 16 "io" 17 "math/big" 18 "net" 19 "os" 20 "os/exec" 21 "path/filepath" 22 "strconv" 23 "strings" 24 "testing" 25 "time" 26 ) 27 28 // Note: see comment in handshake_test.go for details of how the reference 29 // tests work. 30 31 // opensslInputEvent enumerates possible inputs that can be sent to an `openssl 32 // s_client` process. 33 type opensslInputEvent int 34 35 const ( 36 // opensslRenegotiate causes OpenSSL to request a renegotiation of the 37 // connection. 38 opensslRenegotiate opensslInputEvent = iota 39 40 // opensslSendBanner causes OpenSSL to send the contents of 41 // opensslSentinel on the connection. 42 opensslSendSentinel 43 44 // opensslKeyUpdate causes OpenSSL to send send a key update message to the 45 // client and request one back. 46 opensslKeyUpdate 47 ) 48 49 const opensslSentinel = "SENTINEL\n" 50 51 type opensslInput chan opensslInputEvent 52 53 func (i opensslInput) Read(buf []byte) (n int, err error) { 54 for event := range i { 55 switch event { 56 case opensslRenegotiate: 57 return copy(buf, []byte("R\n")), nil 58 case opensslKeyUpdate: 59 return copy(buf, []byte("K\n")), nil 60 case opensslSendSentinel: 61 return copy(buf, []byte(opensslSentinel)), nil 62 default: 63 panic("unknown event") 64 } 65 } 66 67 return 0, io.EOF 68 } 69 70 // opensslOutputSink is an io.Writer that receives the stdout and stderr from an 71 // `openssl` process and sends a value to handshakeComplete or readKeyUpdate 72 // when certain messages are seen. 73 type opensslOutputSink struct { 74 handshakeComplete chan struct{} 75 readKeyUpdate chan struct{} 76 all []byte 77 line []byte 78 } 79 80 func newOpensslOutputSink() *opensslOutputSink { 81 return &opensslOutputSink{make(chan struct{}), make(chan struct{}), nil, nil} 82 } 83 84 // opensslEndOfHandshake is a message that the “openssl s_server” tool will 85 // print when a handshake completes if run with “-state”. 86 const opensslEndOfHandshake = "SSL_accept:SSLv3/TLS write finished" 87 88 // opensslReadKeyUpdate is a message that the “openssl s_server” tool will 89 // print when a KeyUpdate message is received if run with “-state”. 90 const opensslReadKeyUpdate = "SSL_accept:TLSv1.3 read client key update" 91 92 func (o *opensslOutputSink) Write(data []byte) (n int, err error) { 93 o.line = append(o.line, data...) 94 o.all = append(o.all, data...) 95 96 for { 97 i := bytes.IndexByte(o.line, '\n') 98 if i < 0 { 99 break 100 } 101 102 if bytes.Equal([]byte(opensslEndOfHandshake), o.line[:i]) { 103 o.handshakeComplete <- struct{}{} 104 } 105 if bytes.Equal([]byte(opensslReadKeyUpdate), o.line[:i]) { 106 o.readKeyUpdate <- struct{}{} 107 } 108 o.line = o.line[i+1:] 109 } 110 111 return len(data), nil 112 } 113 114 func (o *opensslOutputSink) String() string { 115 return string(o.all) 116 } 117 118 // clientTest represents a test of the TLS client handshake against a reference 119 // implementation. 120 type clientTest struct { 121 // name is a freeform string identifying the test and the file in which 122 // the expected results will be stored. 123 name string 124 // args, if not empty, contains a series of arguments for the 125 // command to run for the reference server. 126 args []string 127 // config, if not nil, contains a custom Config to use for this test. 128 config *Config 129 // cert, if not empty, contains a DER-encoded certificate for the 130 // reference server. 131 cert []byte 132 // key, if not nil, contains either a *rsa.PrivateKey, ed25519.PrivateKey or 133 // *ecdsa.PrivateKey which is the private key for the reference server. 134 key interface{} 135 // extensions, if not nil, contains a list of extension data to be returned 136 // from the ServerHello. The data should be in standard TLS format with 137 // a 2-byte uint16 type, 2-byte data length, followed by the extension data. 138 extensions [][]byte 139 // validate, if not nil, is a function that will be called with the 140 // ConnectionState of the resulting connection. It returns a non-nil 141 // error if the ConnectionState is unacceptable. 142 validate func(ConnectionState) error 143 // numRenegotiations is the number of times that the connection will be 144 // renegotiated. 145 numRenegotiations int 146 // renegotiationExpectedToFail, if not zero, is the number of the 147 // renegotiation attempt that is expected to fail. 148 renegotiationExpectedToFail int 149 // checkRenegotiationError, if not nil, is called with any error 150 // arising from renegotiation. It can map expected errors to nil to 151 // ignore them. 152 checkRenegotiationError func(renegotiationNum int, err error) error 153 // sendKeyUpdate will cause the server to send a KeyUpdate message. 154 sendKeyUpdate bool 155 } 156 157 var serverCommand = []string{"openssl", "s_server", "-no_ticket", "-num_tickets", "0"} 158 159 // connFromCommand starts the reference server process, connects to it and 160 // returns a recordingConn for the connection. The stdin return value is an 161 // opensslInput for the stdin of the child process. It must be closed before 162 // Waiting for child. 163 func (test *clientTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, stdin opensslInput, stdout *opensslOutputSink, err error) { 164 cert := testRSACertificate 165 if len(test.cert) > 0 { 166 cert = test.cert 167 } 168 certPath := tempFile(string(cert)) 169 defer os.Remove(certPath) 170 171 var key interface{} = testRSAPrivateKey 172 if test.key != nil { 173 key = test.key 174 } 175 derBytes, err := x509.MarshalPKCS8PrivateKey(key) 176 if err != nil { 177 panic(err) 178 } 179 180 var pemOut bytes.Buffer 181 pem.Encode(&pemOut, &pem.Block{Type: "PRIVATE KEY", Bytes: derBytes}) 182 183 keyPath := tempFile(pemOut.String()) 184 defer os.Remove(keyPath) 185 186 var command []string 187 command = append(command, serverCommand...) 188 command = append(command, test.args...) 189 command = append(command, "-cert", certPath, "-certform", "DER", "-key", keyPath) 190 // serverPort contains the port that OpenSSL will listen on. OpenSSL 191 // can't take "0" as an argument here so we have to pick a number and 192 // hope that it's not in use on the machine. Since this only occurs 193 // when -update is given and thus when there's a human watching the 194 // test, this isn't too bad. 195 const serverPort = 24323 196 command = append(command, "-accept", strconv.Itoa(serverPort)) 197 198 if len(test.extensions) > 0 { 199 var serverInfo bytes.Buffer 200 for _, ext := range test.extensions { 201 pem.Encode(&serverInfo, &pem.Block{ 202 Type: fmt.Sprintf("SERVERINFO FOR EXTENSION %d", binary.BigEndian.Uint16(ext)), 203 Bytes: ext, 204 }) 205 } 206 serverInfoPath := tempFile(serverInfo.String()) 207 defer os.Remove(serverInfoPath) 208 command = append(command, "-serverinfo", serverInfoPath) 209 } 210 211 if test.numRenegotiations > 0 || test.sendKeyUpdate { 212 found := false 213 for _, flag := range command[1:] { 214 if flag == "-state" { 215 found = true 216 break 217 } 218 } 219 220 if !found { 221 panic("-state flag missing to OpenSSL, you need this if testing renegotiation or KeyUpdate") 222 } 223 } 224 225 cmd := exec.Command(command[0], command[1:]...) 226 stdin = opensslInput(make(chan opensslInputEvent)) 227 cmd.Stdin = stdin 228 out := newOpensslOutputSink() 229 cmd.Stdout = out 230 cmd.Stderr = out 231 if err := cmd.Start(); err != nil { 232 return nil, nil, nil, nil, err 233 } 234 235 // OpenSSL does print an "ACCEPT" banner, but it does so *before* 236 // opening the listening socket, so we can't use that to wait until it 237 // has started listening. Thus we are forced to poll until we get a 238 // connection. 239 var tcpConn net.Conn 240 for i := uint(0); i < 5; i++ { 241 tcpConn, err = net.DialTCP("tcp", nil, &net.TCPAddr{ 242 IP: net.IPv4(127, 0, 0, 1), 243 Port: serverPort, 244 }) 245 if err == nil { 246 break 247 } 248 time.Sleep((1 << i) * 5 * time.Millisecond) 249 } 250 if err != nil { 251 close(stdin) 252 cmd.Process.Kill() 253 err = fmt.Errorf("error connecting to the OpenSSL server: %v (%v)\n\n%s", err, cmd.Wait(), out) 254 return nil, nil, nil, nil, err 255 } 256 257 record := &recordingConn{ 258 Conn: tcpConn, 259 } 260 261 return record, cmd, stdin, out, nil 262 } 263 264 func (test *clientTest) dataPath() string { 265 return filepath.Join("testdata", "Client-"+test.name) 266 } 267 268 func (test *clientTest) loadData() (flows [][]byte, err error) { 269 in, err := os.Open(test.dataPath()) 270 if err != nil { 271 return nil, err 272 } 273 defer in.Close() 274 return parseTestData(in) 275 } 276 277 func (test *clientTest) run(t *testing.T, write bool) { 278 var clientConn, serverConn net.Conn 279 var recordingConn *recordingConn 280 var childProcess *exec.Cmd 281 var stdin opensslInput 282 var stdout *opensslOutputSink 283 284 if write { 285 var err error 286 recordingConn, childProcess, stdin, stdout, err = test.connFromCommand() 287 if err != nil { 288 t.Fatalf("Failed to start subcommand: %s", err) 289 } 290 clientConn = recordingConn 291 defer func() { 292 if t.Failed() { 293 t.Logf("OpenSSL output:\n\n%s", stdout.all) 294 } 295 }() 296 } else { 297 clientConn, serverConn = localPipe(t) 298 } 299 300 doneChan := make(chan bool) 301 defer func() { 302 clientConn.Close() 303 <-doneChan 304 }() 305 go func() { 306 defer close(doneChan) 307 308 config := test.config 309 if config == nil { 310 config = testConfig 311 } 312 client := Client(clientConn, config) 313 defer client.Close() 314 315 if _, err := client.Write([]byte("hello\n")); err != nil { 316 t.Errorf("Client.Write failed: %s", err) 317 return 318 } 319 320 for i := 1; i <= test.numRenegotiations; i++ { 321 // The initial handshake will generate a 322 // handshakeComplete signal which needs to be quashed. 323 if i == 1 && write { 324 <-stdout.handshakeComplete 325 } 326 327 // OpenSSL will try to interleave application data and 328 // a renegotiation if we send both concurrently. 329 // Therefore: ask OpensSSL to start a renegotiation, run 330 // a goroutine to call client.Read and thus process the 331 // renegotiation request, watch for OpenSSL's stdout to 332 // indicate that the handshake is complete and, 333 // finally, have OpenSSL write something to cause 334 // client.Read to complete. 335 if write { 336 stdin <- opensslRenegotiate 337 } 338 339 signalChan := make(chan struct{}) 340 341 go func() { 342 defer close(signalChan) 343 344 buf := make([]byte, 256) 345 n, err := client.Read(buf) 346 347 if test.checkRenegotiationError != nil { 348 newErr := test.checkRenegotiationError(i, err) 349 if err != nil && newErr == nil { 350 return 351 } 352 err = newErr 353 } 354 355 if err != nil { 356 t.Errorf("Client.Read failed after renegotiation #%d: %s", i, err) 357 return 358 } 359 360 buf = buf[:n] 361 if !bytes.Equal([]byte(opensslSentinel), buf) { 362 t.Errorf("Client.Read returned %q, but wanted %q", string(buf), opensslSentinel) 363 } 364 365 if expected := i + 1; client.handshakes != expected { 366 t.Errorf("client should have recorded %d handshakes, but believes that %d have occurred", expected, client.handshakes) 367 } 368 }() 369 370 if write && test.renegotiationExpectedToFail != i { 371 <-stdout.handshakeComplete 372 stdin <- opensslSendSentinel 373 } 374 <-signalChan 375 } 376 377 if test.sendKeyUpdate { 378 if write { 379 <-stdout.handshakeComplete 380 stdin <- opensslKeyUpdate 381 } 382 383 doneRead := make(chan struct{}) 384 385 go func() { 386 defer close(doneRead) 387 388 buf := make([]byte, 256) 389 n, err := client.Read(buf) 390 391 if err != nil { 392 t.Errorf("Client.Read failed after KeyUpdate: %s", err) 393 return 394 } 395 396 buf = buf[:n] 397 if !bytes.Equal([]byte(opensslSentinel), buf) { 398 t.Errorf("Client.Read returned %q, but wanted %q", string(buf), opensslSentinel) 399 } 400 }() 401 402 if write { 403 // There's no real reason to wait for the client KeyUpdate to 404 // send data with the new server keys, except that s_server 405 // drops writes if they are sent at the wrong time. 406 <-stdout.readKeyUpdate 407 stdin <- opensslSendSentinel 408 } 409 <-doneRead 410 411 if _, err := client.Write([]byte("hello again\n")); err != nil { 412 t.Errorf("Client.Write failed: %s", err) 413 return 414 } 415 } 416 417 if test.validate != nil { 418 if err := test.validate(client.ConnectionState()); err != nil { 419 t.Errorf("validate callback returned error: %s", err) 420 } 421 } 422 423 // If the server sent us an alert after our last flight, give it a 424 // chance to arrive. 425 if write && test.renegotiationExpectedToFail == 0 { 426 if err := peekError(client); err != nil { 427 t.Errorf("final Read returned an error: %s", err) 428 } 429 } 430 }() 431 432 if !write { 433 flows, err := test.loadData() 434 if err != nil { 435 t.Fatalf("%s: failed to load data from %s: %v", test.name, test.dataPath(), err) 436 } 437 for i, b := range flows { 438 if i%2 == 1 { 439 if *fast { 440 serverConn.SetWriteDeadline(time.Now().Add(1 * time.Second)) 441 } else { 442 serverConn.SetWriteDeadline(time.Now().Add(1 * time.Minute)) 443 } 444 serverConn.Write(b) 445 continue 446 } 447 bb := make([]byte, len(b)) 448 if *fast { 449 serverConn.SetReadDeadline(time.Now().Add(1 * time.Second)) 450 } else { 451 serverConn.SetReadDeadline(time.Now().Add(1 * time.Minute)) 452 } 453 _, err := io.ReadFull(serverConn, bb) 454 if err != nil { 455 t.Fatalf("%s, flow %d: %s", test.name, i+1, err) 456 } 457 if !bytes.Equal(b, bb) { 458 t.Fatalf("%s, flow %d: mismatch on read: got:%x want:%x", test.name, i+1, bb, b) 459 } 460 } 461 } 462 463 <-doneChan 464 if !write { 465 serverConn.Close() 466 } 467 468 if write { 469 path := test.dataPath() 470 out, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) 471 if err != nil { 472 t.Fatalf("Failed to create output file: %s", err) 473 } 474 defer out.Close() 475 recordingConn.Close() 476 close(stdin) 477 childProcess.Process.Kill() 478 childProcess.Wait() 479 if len(recordingConn.flows) < 3 { 480 t.Fatalf("Client connection didn't work") 481 } 482 recordingConn.WriteTo(out) 483 t.Logf("Wrote %s\n", path) 484 } 485 } 486 487 // peekError does a read with a short timeout to check if the next read would 488 // cause an error, for example if there is an alert waiting on the wire. 489 func peekError(conn net.Conn) error { 490 conn.SetReadDeadline(time.Now().Add(100 * time.Millisecond)) 491 if n, err := conn.Read(make([]byte, 1)); n != 0 { 492 return errors.New("unexpectedly read data") 493 } else if err != nil { 494 if netErr, ok := err.(net.Error); !ok || !netErr.Timeout() { 495 return err 496 } 497 } 498 return nil 499 } 500 501 func runClientTestForVersion(t *testing.T, template *clientTest, version, option string) { 502 t.Run(version, func(t *testing.T) { 503 // Make a deep copy of the template before going parallel. 504 test := *template 505 if template.config != nil { 506 test.config = template.config.Clone() 507 } 508 509 if !*update { 510 t.Parallel() 511 } 512 513 test.name = version + "-" + test.name 514 test.args = append([]string{option}, test.args...) 515 test.run(t, *update) 516 }) 517 } 518 519 func runClientTestTLS10(t *testing.T, template *clientTest) { 520 runClientTestForVersion(t, template, "TLSv10", "-tls1") 521 } 522 523 func runClientTestTLS11(t *testing.T, template *clientTest) { 524 runClientTestForVersion(t, template, "TLSv11", "-tls1_1") 525 } 526 527 func runClientTestTLS12(t *testing.T, template *clientTest) { 528 runClientTestForVersion(t, template, "TLSv12", "-tls1_2") 529 } 530 531 func runClientTestTLS13(t *testing.T, template *clientTest) { 532 runClientTestForVersion(t, template, "TLSv13", "-tls1_3") 533 } 534 535 func TestHandshakeClientRSARC4(t *testing.T) { 536 test := &clientTest{ 537 name: "RSA-RC4", 538 args: []string{"-cipher", "RC4-SHA"}, 539 } 540 runClientTestTLS10(t, test) 541 runClientTestTLS11(t, test) 542 runClientTestTLS12(t, test) 543 } 544 545 func TestHandshakeClientRSAAES128GCM(t *testing.T) { 546 test := &clientTest{ 547 name: "AES128-GCM-SHA256", 548 args: []string{"-cipher", "AES128-GCM-SHA256"}, 549 } 550 runClientTestTLS12(t, test) 551 } 552 553 func TestHandshakeClientRSAAES256GCM(t *testing.T) { 554 test := &clientTest{ 555 name: "AES256-GCM-SHA384", 556 args: []string{"-cipher", "AES256-GCM-SHA384"}, 557 } 558 runClientTestTLS12(t, test) 559 } 560 561 func TestHandshakeClientECDHERSAAES(t *testing.T) { 562 test := &clientTest{ 563 name: "ECDHE-RSA-AES", 564 args: []string{"-cipher", "ECDHE-RSA-AES128-SHA"}, 565 } 566 runClientTestTLS10(t, test) 567 runClientTestTLS11(t, test) 568 runClientTestTLS12(t, test) 569 } 570 571 func TestHandshakeClientECDHEECDSAAES(t *testing.T) { 572 test := &clientTest{ 573 name: "ECDHE-ECDSA-AES", 574 args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA"}, 575 cert: testECDSACertificate, 576 key: testECDSAPrivateKey, 577 } 578 runClientTestTLS10(t, test) 579 runClientTestTLS11(t, test) 580 runClientTestTLS12(t, test) 581 } 582 583 func TestHandshakeClientECDHEECDSAAESGCM(t *testing.T) { 584 test := &clientTest{ 585 name: "ECDHE-ECDSA-AES-GCM", 586 args: []string{"-cipher", "ECDHE-ECDSA-AES128-GCM-SHA256"}, 587 cert: testECDSACertificate, 588 key: testECDSAPrivateKey, 589 } 590 runClientTestTLS12(t, test) 591 } 592 593 func TestHandshakeClientAES256GCMSHA384(t *testing.T) { 594 test := &clientTest{ 595 name: "ECDHE-ECDSA-AES256-GCM-SHA384", 596 args: []string{"-cipher", "ECDHE-ECDSA-AES256-GCM-SHA384"}, 597 cert: testECDSACertificate, 598 key: testECDSAPrivateKey, 599 } 600 runClientTestTLS12(t, test) 601 } 602 603 func TestHandshakeClientAES128CBCSHA256(t *testing.T) { 604 test := &clientTest{ 605 name: "AES128-SHA256", 606 args: []string{"-cipher", "AES128-SHA256"}, 607 } 608 runClientTestTLS12(t, test) 609 } 610 611 func TestHandshakeClientECDHERSAAES128CBCSHA256(t *testing.T) { 612 test := &clientTest{ 613 name: "ECDHE-RSA-AES128-SHA256", 614 args: []string{"-cipher", "ECDHE-RSA-AES128-SHA256"}, 615 } 616 runClientTestTLS12(t, test) 617 } 618 619 func TestHandshakeClientECDHEECDSAAES128CBCSHA256(t *testing.T) { 620 test := &clientTest{ 621 name: "ECDHE-ECDSA-AES128-SHA256", 622 args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA256"}, 623 cert: testECDSACertificate, 624 key: testECDSAPrivateKey, 625 } 626 runClientTestTLS12(t, test) 627 } 628 629 func TestHandshakeClientX25519(t *testing.T) { 630 config := testConfig.Clone() 631 config.CurvePreferences = []CurveID{X25519} 632 633 test := &clientTest{ 634 name: "X25519-ECDHE", 635 args: []string{"-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "X25519"}, 636 config: config, 637 } 638 639 runClientTestTLS12(t, test) 640 runClientTestTLS13(t, test) 641 } 642 643 func TestHandshakeClientP256(t *testing.T) { 644 config := testConfig.Clone() 645 config.CurvePreferences = []CurveID{CurveP256} 646 647 test := &clientTest{ 648 name: "P256-ECDHE", 649 args: []string{"-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "P-256"}, 650 config: config, 651 } 652 653 runClientTestTLS12(t, test) 654 runClientTestTLS13(t, test) 655 } 656 657 func TestHandshakeClientHelloRetryRequest(t *testing.T) { 658 config := testConfig.Clone() 659 config.CurvePreferences = []CurveID{X25519, CurveP256} 660 661 test := &clientTest{ 662 name: "HelloRetryRequest", 663 args: []string{"-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "P-256"}, 664 config: config, 665 } 666 667 runClientTestTLS13(t, test) 668 } 669 670 func TestHandshakeClientECDHERSAChaCha20(t *testing.T) { 671 config := testConfig.Clone() 672 config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305} 673 674 test := &clientTest{ 675 name: "ECDHE-RSA-CHACHA20-POLY1305", 676 args: []string{"-cipher", "ECDHE-RSA-CHACHA20-POLY1305"}, 677 config: config, 678 } 679 680 runClientTestTLS12(t, test) 681 } 682 683 func TestHandshakeClientECDHEECDSAChaCha20(t *testing.T) { 684 config := testConfig.Clone() 685 config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305} 686 687 test := &clientTest{ 688 name: "ECDHE-ECDSA-CHACHA20-POLY1305", 689 args: []string{"-cipher", "ECDHE-ECDSA-CHACHA20-POLY1305"}, 690 config: config, 691 cert: testECDSACertificate, 692 key: testECDSAPrivateKey, 693 } 694 695 runClientTestTLS12(t, test) 696 } 697 698 func TestHandshakeClientAES128SHA256(t *testing.T) { 699 test := &clientTest{ 700 name: "AES128-SHA256", 701 args: []string{"-ciphersuites", "TLS_AES_128_GCM_SHA256"}, 702 } 703 runClientTestTLS13(t, test) 704 } 705 func TestHandshakeClientAES256SHA384(t *testing.T) { 706 test := &clientTest{ 707 name: "AES256-SHA384", 708 args: []string{"-ciphersuites", "TLS_AES_256_GCM_SHA384"}, 709 } 710 runClientTestTLS13(t, test) 711 } 712 func TestHandshakeClientCHACHA20SHA256(t *testing.T) { 713 test := &clientTest{ 714 name: "CHACHA20-SHA256", 715 args: []string{"-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256"}, 716 } 717 runClientTestTLS13(t, test) 718 } 719 720 func TestHandshakeClientECDSATLS13(t *testing.T) { 721 test := &clientTest{ 722 name: "ECDSA", 723 cert: testECDSACertificate, 724 key: testECDSAPrivateKey, 725 } 726 runClientTestTLS13(t, test) 727 } 728 729 func TestHandshakeClientEd25519(t *testing.T) { 730 test := &clientTest{ 731 name: "Ed25519", 732 cert: testEd25519Certificate, 733 key: testEd25519PrivateKey, 734 } 735 runClientTestTLS12(t, test) 736 runClientTestTLS13(t, test) 737 738 config := testConfig.Clone() 739 cert, _ := X509KeyPair([]byte(clientEd25519CertificatePEM), []byte(clientEd25519KeyPEM)) 740 config.Certificates = []Certificate{cert} 741 742 test = &clientTest{ 743 name: "ClientCert-Ed25519", 744 args: []string{"-Verify", "1"}, 745 config: config, 746 } 747 748 runClientTestTLS12(t, test) 749 runClientTestTLS13(t, test) 750 } 751 752 func TestHandshakeClientCertRSA(t *testing.T) { 753 config := testConfig.Clone() 754 cert, _ := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM)) 755 config.Certificates = []Certificate{cert} 756 757 test := &clientTest{ 758 name: "ClientCert-RSA-RSA", 759 args: []string{"-cipher", "AES128", "-Verify", "1"}, 760 config: config, 761 } 762 763 runClientTestTLS10(t, test) 764 runClientTestTLS12(t, test) 765 766 test = &clientTest{ 767 name: "ClientCert-RSA-ECDSA", 768 args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA", "-Verify", "1"}, 769 config: config, 770 cert: testECDSACertificate, 771 key: testECDSAPrivateKey, 772 } 773 774 runClientTestTLS10(t, test) 775 runClientTestTLS12(t, test) 776 runClientTestTLS13(t, test) 777 778 test = &clientTest{ 779 name: "ClientCert-RSA-AES256-GCM-SHA384", 780 args: []string{"-cipher", "ECDHE-RSA-AES256-GCM-SHA384", "-Verify", "1"}, 781 config: config, 782 cert: testRSACertificate, 783 key: testRSAPrivateKey, 784 } 785 786 runClientTestTLS12(t, test) 787 } 788 789 func TestHandshakeClientCertECDSA(t *testing.T) { 790 config := testConfig.Clone() 791 cert, _ := X509KeyPair([]byte(clientECDSACertificatePEM), []byte(clientECDSAKeyPEM)) 792 config.Certificates = []Certificate{cert} 793 794 test := &clientTest{ 795 name: "ClientCert-ECDSA-RSA", 796 args: []string{"-cipher", "AES128", "-Verify", "1"}, 797 config: config, 798 } 799 800 runClientTestTLS10(t, test) 801 runClientTestTLS12(t, test) 802 runClientTestTLS13(t, test) 803 804 test = &clientTest{ 805 name: "ClientCert-ECDSA-ECDSA", 806 args: []string{"-cipher", "ECDHE-ECDSA-AES128-SHA", "-Verify", "1"}, 807 config: config, 808 cert: testECDSACertificate, 809 key: testECDSAPrivateKey, 810 } 811 812 runClientTestTLS10(t, test) 813 runClientTestTLS12(t, test) 814 } 815 816 // TestHandshakeClientCertRSAPSS tests rsa_pss_rsae_sha256 signatures from both 817 // client and server certificates. It also serves from both sides a certificate 818 // signed itself with RSA-PSS, mostly to check that crypto/x509 chain validation 819 // works. 820 func TestHandshakeClientCertRSAPSS(t *testing.T) { 821 cert, err := x509.ParseCertificate(testRSAPSSCertificate) 822 if err != nil { 823 panic(err) 824 } 825 rootCAs := x509.NewCertPool() 826 rootCAs.AddCert(cert) 827 828 config := testConfig.Clone() 829 // Use GetClientCertificate to bypass the client certificate selection logic. 830 config.GetClientCertificate = func(*CertificateRequestInfo) (*Certificate, error) { 831 return &Certificate{ 832 Certificate: [][]byte{testRSAPSSCertificate}, 833 PrivateKey: testRSAPrivateKey, 834 }, nil 835 } 836 config.RootCAs = rootCAs 837 838 test := &clientTest{ 839 name: "ClientCert-RSA-RSAPSS", 840 args: []string{"-cipher", "AES128", "-Verify", "1", "-client_sigalgs", 841 "rsa_pss_rsae_sha256", "-sigalgs", "rsa_pss_rsae_sha256"}, 842 config: config, 843 cert: testRSAPSSCertificate, 844 key: testRSAPrivateKey, 845 } 846 runClientTestTLS13(t, test) 847 848 // In our TLS 1.2 client, RSA-PSS is only supported for server certificates. 849 // See Issue 32425. 850 test = &clientTest{ 851 name: "ClientCert-RSA-RSAPSS", 852 args: []string{"-cipher", "AES128", "-Verify", "1", "-client_sigalgs", 853 "rsa_pkcs1_sha256", "-sigalgs", "rsa_pss_rsae_sha256"}, 854 config: config, 855 cert: testRSAPSSCertificate, 856 key: testRSAPrivateKey, 857 } 858 runClientTestTLS12(t, test) 859 } 860 861 func TestHandshakeClientCertRSAPKCS1v15(t *testing.T) { 862 config := testConfig.Clone() 863 cert, _ := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM)) 864 config.Certificates = []Certificate{cert} 865 866 test := &clientTest{ 867 name: "ClientCert-RSA-RSAPKCS1v15", 868 args: []string{"-cipher", "AES128", "-Verify", "1", "-client_sigalgs", 869 "rsa_pkcs1_sha256", "-sigalgs", "rsa_pkcs1_sha256"}, 870 config: config, 871 } 872 873 runClientTestTLS12(t, test) 874 } 875 876 func TestClientKeyUpdate(t *testing.T) { 877 test := &clientTest{ 878 name: "KeyUpdate", 879 args: []string{"-state"}, 880 sendKeyUpdate: true, 881 } 882 runClientTestTLS13(t, test) 883 } 884 885 func TestResumption(t *testing.T) { 886 t.Run("TLSv12", func(t *testing.T) { testResumption(t, VersionTLS12) }) 887 t.Run("TLSv13", func(t *testing.T) { testResumption(t, VersionTLS13) }) 888 } 889 890 func testResumption(t *testing.T, version uint16) { 891 if testing.Short() { 892 t.Skip("skipping in -short mode") 893 } 894 serverConfig := &Config{ 895 MaxVersion: version, 896 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, 897 Certificates: testConfig.Certificates, 898 } 899 900 issuer, err := x509.ParseCertificate(testRSACertificateIssuer) 901 if err != nil { 902 panic(err) 903 } 904 905 rootCAs := x509.NewCertPool() 906 rootCAs.AddCert(issuer) 907 908 clientConfig := &Config{ 909 MaxVersion: version, 910 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, 911 ClientSessionCache: NewLRUClientSessionCache(32), 912 RootCAs: rootCAs, 913 ServerName: "example.golang", 914 } 915 916 testResumeState := func(test string, didResume bool) { 917 _, hs, err := testHandshake(t, clientConfig, serverConfig) 918 if err != nil { 919 t.Fatalf("%s: handshake failed: %s", test, err) 920 } 921 if hs.DidResume != didResume { 922 t.Fatalf("%s resumed: %v, expected: %v", test, hs.DidResume, didResume) 923 } 924 if didResume && (hs.PeerCertificates == nil || hs.VerifiedChains == nil) { 925 t.Fatalf("expected non-nil certificates after resumption. Got peerCertificates: %#v, verifiedCertificates: %#v", hs.PeerCertificates, hs.VerifiedChains) 926 } 927 } 928 929 getTicket := func() []byte { 930 return clientConfig.ClientSessionCache.(*lruSessionCache).q.Front().Value.(*lruSessionCacheEntry).state.sessionTicket 931 } 932 deleteTicket := func() { 933 ticketKey := clientConfig.ClientSessionCache.(*lruSessionCache).q.Front().Value.(*lruSessionCacheEntry).sessionKey 934 clientConfig.ClientSessionCache.Put(ticketKey, nil) 935 } 936 corruptTicket := func() { 937 clientConfig.ClientSessionCache.(*lruSessionCache).q.Front().Value.(*lruSessionCacheEntry).state.masterSecret[0] ^= 0xff 938 } 939 randomKey := func() [32]byte { 940 var k [32]byte 941 if _, err := io.ReadFull(serverConfig.rand(), k[:]); err != nil { 942 t.Fatalf("Failed to read new SessionTicketKey: %s", err) 943 } 944 return k 945 } 946 947 testResumeState("Handshake", false) 948 ticket := getTicket() 949 testResumeState("Resume", true) 950 if !bytes.Equal(ticket, getTicket()) && version != VersionTLS13 { 951 t.Fatal("first ticket doesn't match ticket after resumption") 952 } 953 if bytes.Equal(ticket, getTicket()) && version == VersionTLS13 { 954 t.Fatal("ticket didn't change after resumption") 955 } 956 957 key1 := randomKey() 958 serverConfig.SetSessionTicketKeys([][32]byte{key1}) 959 960 testResumeState("InvalidSessionTicketKey", false) 961 testResumeState("ResumeAfterInvalidSessionTicketKey", true) 962 963 key2 := randomKey() 964 serverConfig.SetSessionTicketKeys([][32]byte{key2, key1}) 965 ticket = getTicket() 966 testResumeState("KeyChange", true) 967 if bytes.Equal(ticket, getTicket()) { 968 t.Fatal("new ticket wasn't included while resuming") 969 } 970 testResumeState("KeyChangeFinish", true) 971 972 // Reset serverConfig to ensure that calling SetSessionTicketKeys 973 // before the serverConfig is used works. 974 serverConfig = &Config{ 975 MaxVersion: version, 976 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, 977 Certificates: testConfig.Certificates, 978 } 979 serverConfig.SetSessionTicketKeys([][32]byte{key2}) 980 981 testResumeState("FreshConfig", true) 982 983 // In TLS 1.3, cross-cipher suite resumption is allowed as long as the KDF 984 // hash matches. Also, Config.CipherSuites does not apply to TLS 1.3. 985 if version != VersionTLS13 { 986 clientConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA} 987 testResumeState("DifferentCipherSuite", false) 988 testResumeState("DifferentCipherSuiteRecovers", true) 989 } 990 991 deleteTicket() 992 testResumeState("WithoutSessionTicket", false) 993 994 // Session resumption should work when using client certificates 995 deleteTicket() 996 serverConfig.ClientCAs = rootCAs 997 serverConfig.ClientAuth = RequireAndVerifyClientCert 998 clientConfig.Certificates = serverConfig.Certificates 999 testResumeState("InitialHandshake", false) 1000 testResumeState("WithClientCertificates", true) 1001 serverConfig.ClientAuth = NoClientCert 1002 1003 // Tickets should be removed from the session cache on TLS handshake 1004 // failure, and the client should recover from a corrupted PSK 1005 testResumeState("FetchTicketToCorrupt", false) 1006 corruptTicket() 1007 _, _, err = testHandshake(t, clientConfig, serverConfig) 1008 if err == nil { 1009 t.Fatalf("handshake did not fail with a corrupted client secret") 1010 } 1011 testResumeState("AfterHandshakeFailure", false) 1012 1013 clientConfig.ClientSessionCache = nil 1014 testResumeState("WithoutSessionCache", false) 1015 } 1016 1017 func TestLRUClientSessionCache(t *testing.T) { 1018 // Initialize cache of capacity 4. 1019 cache := NewLRUClientSessionCache(4) 1020 cs := make([]ClientSessionState, 6) 1021 keys := []string{"0", "1", "2", "3", "4", "5", "6"} 1022 1023 // Add 4 entries to the cache and look them up. 1024 for i := 0; i < 4; i++ { 1025 cache.Put(keys[i], &cs[i]) 1026 } 1027 for i := 0; i < 4; i++ { 1028 if s, ok := cache.Get(keys[i]); !ok || s != &cs[i] { 1029 t.Fatalf("session cache failed lookup for added key: %s", keys[i]) 1030 } 1031 } 1032 1033 // Add 2 more entries to the cache. First 2 should be evicted. 1034 for i := 4; i < 6; i++ { 1035 cache.Put(keys[i], &cs[i]) 1036 } 1037 for i := 0; i < 2; i++ { 1038 if s, ok := cache.Get(keys[i]); ok || s != nil { 1039 t.Fatalf("session cache should have evicted key: %s", keys[i]) 1040 } 1041 } 1042 1043 // Touch entry 2. LRU should evict 3 next. 1044 cache.Get(keys[2]) 1045 cache.Put(keys[0], &cs[0]) 1046 if s, ok := cache.Get(keys[3]); ok || s != nil { 1047 t.Fatalf("session cache should have evicted key 3") 1048 } 1049 1050 // Update entry 0 in place. 1051 cache.Put(keys[0], &cs[3]) 1052 if s, ok := cache.Get(keys[0]); !ok || s != &cs[3] { 1053 t.Fatalf("session cache failed update for key 0") 1054 } 1055 1056 // Calling Put with a nil entry deletes the key. 1057 cache.Put(keys[0], nil) 1058 if _, ok := cache.Get(keys[0]); ok { 1059 t.Fatalf("session cache failed to delete key 0") 1060 } 1061 1062 // Delete entry 2. LRU should keep 4 and 5 1063 cache.Put(keys[2], nil) 1064 if _, ok := cache.Get(keys[2]); ok { 1065 t.Fatalf("session cache failed to delete key 4") 1066 } 1067 for i := 4; i < 6; i++ { 1068 if s, ok := cache.Get(keys[i]); !ok || s != &cs[i] { 1069 t.Fatalf("session cache should not have deleted key: %s", keys[i]) 1070 } 1071 } 1072 } 1073 1074 func TestKeyLogTLS12(t *testing.T) { 1075 var serverBuf, clientBuf bytes.Buffer 1076 1077 clientConfig := testConfig.Clone() 1078 clientConfig.KeyLogWriter = &clientBuf 1079 clientConfig.MaxVersion = VersionTLS12 1080 1081 serverConfig := testConfig.Clone() 1082 serverConfig.KeyLogWriter = &serverBuf 1083 serverConfig.MaxVersion = VersionTLS12 1084 1085 c, s := localPipe(t) 1086 done := make(chan bool) 1087 1088 go func() { 1089 defer close(done) 1090 1091 if err := Server(s, serverConfig).Handshake(); err != nil { 1092 t.Errorf("server: %s", err) 1093 return 1094 } 1095 s.Close() 1096 }() 1097 1098 if err := Client(c, clientConfig).Handshake(); err != nil { 1099 t.Fatalf("client: %s", err) 1100 } 1101 1102 c.Close() 1103 <-done 1104 1105 checkKeylogLine := func(side, loggedLine string) { 1106 if len(loggedLine) == 0 { 1107 t.Fatalf("%s: no keylog line was produced", side) 1108 } 1109 const expectedLen = 13 /* "CLIENT_RANDOM" */ + 1110 1 /* space */ + 1111 32*2 /* hex client nonce */ + 1112 1 /* space */ + 1113 48*2 /* hex master secret */ + 1114 1 /* new line */ 1115 if len(loggedLine) != expectedLen { 1116 t.Fatalf("%s: keylog line has incorrect length (want %d, got %d): %q", side, expectedLen, len(loggedLine), loggedLine) 1117 } 1118 if !strings.HasPrefix(loggedLine, "CLIENT_RANDOM "+strings.Repeat("0", 64)+" ") { 1119 t.Fatalf("%s: keylog line has incorrect structure or nonce: %q", side, loggedLine) 1120 } 1121 } 1122 1123 checkKeylogLine("client", clientBuf.String()) 1124 checkKeylogLine("server", serverBuf.String()) 1125 } 1126 1127 func TestKeyLogTLS13(t *testing.T) { 1128 var serverBuf, clientBuf bytes.Buffer 1129 1130 clientConfig := testConfig.Clone() 1131 clientConfig.KeyLogWriter = &clientBuf 1132 1133 serverConfig := testConfig.Clone() 1134 serverConfig.KeyLogWriter = &serverBuf 1135 1136 c, s := localPipe(t) 1137 done := make(chan bool) 1138 1139 go func() { 1140 defer close(done) 1141 1142 if err := Server(s, serverConfig).Handshake(); err != nil { 1143 t.Errorf("server: %s", err) 1144 return 1145 } 1146 s.Close() 1147 }() 1148 1149 if err := Client(c, clientConfig).Handshake(); err != nil { 1150 t.Fatalf("client: %s", err) 1151 } 1152 1153 c.Close() 1154 <-done 1155 1156 checkKeylogLines := func(side, loggedLines string) { 1157 loggedLines = strings.TrimSpace(loggedLines) 1158 lines := strings.Split(loggedLines, "\n") 1159 if len(lines) != 4 { 1160 t.Errorf("Expected the %s to log 4 lines, got %d", side, len(lines)) 1161 } 1162 } 1163 1164 checkKeylogLines("client", clientBuf.String()) 1165 checkKeylogLines("server", serverBuf.String()) 1166 } 1167 1168 func TestHandshakeClientALPNMatch(t *testing.T) { 1169 config := testConfig.Clone() 1170 config.NextProtos = []string{"proto2", "proto1"} 1171 1172 test := &clientTest{ 1173 name: "ALPN", 1174 // Note that this needs OpenSSL 1.0.2 because that is the first 1175 // version that supports the -alpn flag. 1176 args: []string{"-alpn", "proto1,proto2"}, 1177 config: config, 1178 validate: func(state ConnectionState) error { 1179 // The server's preferences should override the client. 1180 if state.NegotiatedProtocol != "proto1" { 1181 return fmt.Errorf("Got protocol %q, wanted proto1", state.NegotiatedProtocol) 1182 } 1183 return nil 1184 }, 1185 } 1186 runClientTestTLS12(t, test) 1187 runClientTestTLS13(t, test) 1188 } 1189 1190 // sctsBase64 contains data from `openssl s_client -serverinfo 18 -connect ritter.vg:443` 1191 const sctsBase64 = "ABIBaQFnAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFHl5nuFgAABAMARjBEAiAcS4JdlW5nW9sElUv2zvQyPoZ6ejKrGGB03gjaBZFMLwIgc1Qbbn+hsH0RvObzhS+XZhr3iuQQJY8S9G85D9KeGPAAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAUeX4bVwAAAEAwBHMEUCIDIhFDgG2HIuADBkGuLobU5a4dlCHoJLliWJ1SYT05z6AiEAjxIoZFFPRNWMGGIjskOTMwXzQ1Wh2e7NxXE1kd1J0QsAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAUhcZIqHAAAEAwBHMEUCICmJ1rBT09LpkbzxtUC+Hi7nXLR0J+2PmwLp+sJMuqK+AiEAr0NkUnEVKVhAkccIFpYDqHOlZaBsuEhWWrYpg2RtKp0=" 1192 1193 func TestHandshakClientSCTs(t *testing.T) { 1194 config := testConfig.Clone() 1195 1196 scts, err := base64.StdEncoding.DecodeString(sctsBase64) 1197 if err != nil { 1198 t.Fatal(err) 1199 } 1200 1201 // Note that this needs OpenSSL 1.0.2 because that is the first 1202 // version that supports the -serverinfo flag. 1203 test := &clientTest{ 1204 name: "SCT", 1205 config: config, 1206 extensions: [][]byte{scts}, 1207 validate: func(state ConnectionState) error { 1208 expectedSCTs := [][]byte{ 1209 scts[8:125], 1210 scts[127:245], 1211 scts[247:], 1212 } 1213 if n := len(state.SignedCertificateTimestamps); n != len(expectedSCTs) { 1214 return fmt.Errorf("Got %d scts, wanted %d", n, len(expectedSCTs)) 1215 } 1216 for i, expected := range expectedSCTs { 1217 if sct := state.SignedCertificateTimestamps[i]; !bytes.Equal(sct, expected) { 1218 return fmt.Errorf("SCT #%d contained %x, expected %x", i, sct, expected) 1219 } 1220 } 1221 return nil 1222 }, 1223 } 1224 runClientTestTLS12(t, test) 1225 1226 // TLS 1.3 moved SCTs to the Certificate extensions and -serverinfo only 1227 // supports ServerHello extensions. 1228 } 1229 1230 func TestRenegotiationRejected(t *testing.T) { 1231 config := testConfig.Clone() 1232 test := &clientTest{ 1233 name: "RenegotiationRejected", 1234 args: []string{"-state"}, 1235 config: config, 1236 numRenegotiations: 1, 1237 renegotiationExpectedToFail: 1, 1238 checkRenegotiationError: func(renegotiationNum int, err error) error { 1239 if err == nil { 1240 return errors.New("expected error from renegotiation but got nil") 1241 } 1242 if !strings.Contains(err.Error(), "no renegotiation") { 1243 return fmt.Errorf("expected renegotiation to be rejected but got %q", err) 1244 } 1245 return nil 1246 }, 1247 } 1248 runClientTestTLS12(t, test) 1249 } 1250 1251 func TestRenegotiateOnce(t *testing.T) { 1252 config := testConfig.Clone() 1253 config.Renegotiation = RenegotiateOnceAsClient 1254 1255 test := &clientTest{ 1256 name: "RenegotiateOnce", 1257 args: []string{"-state"}, 1258 config: config, 1259 numRenegotiations: 1, 1260 } 1261 1262 runClientTestTLS12(t, test) 1263 } 1264 1265 func TestRenegotiateTwice(t *testing.T) { 1266 config := testConfig.Clone() 1267 config.Renegotiation = RenegotiateFreelyAsClient 1268 1269 test := &clientTest{ 1270 name: "RenegotiateTwice", 1271 args: []string{"-state"}, 1272 config: config, 1273 numRenegotiations: 2, 1274 } 1275 1276 runClientTestTLS12(t, test) 1277 } 1278 1279 func TestRenegotiateTwiceRejected(t *testing.T) { 1280 config := testConfig.Clone() 1281 config.Renegotiation = RenegotiateOnceAsClient 1282 1283 test := &clientTest{ 1284 name: "RenegotiateTwiceRejected", 1285 args: []string{"-state"}, 1286 config: config, 1287 numRenegotiations: 2, 1288 renegotiationExpectedToFail: 2, 1289 checkRenegotiationError: func(renegotiationNum int, err error) error { 1290 if renegotiationNum == 1 { 1291 return err 1292 } 1293 1294 if err == nil { 1295 return errors.New("expected error from renegotiation but got nil") 1296 } 1297 if !strings.Contains(err.Error(), "no renegotiation") { 1298 return fmt.Errorf("expected renegotiation to be rejected but got %q", err) 1299 } 1300 return nil 1301 }, 1302 } 1303 1304 runClientTestTLS12(t, test) 1305 } 1306 1307 func TestHandshakeClientExportKeyingMaterial(t *testing.T) { 1308 test := &clientTest{ 1309 name: "ExportKeyingMaterial", 1310 config: testConfig.Clone(), 1311 validate: func(state ConnectionState) error { 1312 if km, err := state.ExportKeyingMaterial("test", nil, 42); err != nil { 1313 return fmt.Errorf("ExportKeyingMaterial failed: %v", err) 1314 } else if len(km) != 42 { 1315 return fmt.Errorf("Got %d bytes from ExportKeyingMaterial, wanted %d", len(km), 42) 1316 } 1317 return nil 1318 }, 1319 } 1320 runClientTestTLS10(t, test) 1321 runClientTestTLS12(t, test) 1322 runClientTestTLS13(t, test) 1323 } 1324 1325 var hostnameInSNITests = []struct { 1326 in, out string 1327 }{ 1328 // Opaque string 1329 {"", ""}, 1330 {"localhost", "localhost"}, 1331 {"foo, bar, baz and qux", "foo, bar, baz and qux"}, 1332 1333 // DNS hostname 1334 {"golang.org", "golang.org"}, 1335 {"golang.org.", "golang.org"}, 1336 1337 // Literal IPv4 address 1338 {"1.2.3.4", ""}, 1339 1340 // Literal IPv6 address 1341 {"::1", ""}, 1342 {"::1%lo0", ""}, // with zone identifier 1343 {"[::1]", ""}, // as per RFC 5952 we allow the [] style as IPv6 literal 1344 {"[::1%lo0]", ""}, 1345 } 1346 1347 func TestHostnameInSNI(t *testing.T) { 1348 for _, tt := range hostnameInSNITests { 1349 c, s := localPipe(t) 1350 1351 go func(host string) { 1352 Client(c, &Config{ServerName: host, InsecureSkipVerify: true}).Handshake() 1353 }(tt.in) 1354 1355 var header [5]byte 1356 if _, err := io.ReadFull(s, header[:]); err != nil { 1357 t.Fatal(err) 1358 } 1359 recordLen := int(header[3])<<8 | int(header[4]) 1360 1361 record := make([]byte, recordLen) 1362 if _, err := io.ReadFull(s, record[:]); err != nil { 1363 t.Fatal(err) 1364 } 1365 1366 c.Close() 1367 s.Close() 1368 1369 var m clientHelloMsg 1370 if !m.unmarshal(record) { 1371 t.Errorf("unmarshaling ClientHello for %q failed", tt.in) 1372 continue 1373 } 1374 if tt.in != tt.out && m.serverName == tt.in { 1375 t.Errorf("prohibited %q found in ClientHello: %x", tt.in, record) 1376 } 1377 if m.serverName != tt.out { 1378 t.Errorf("expected %q not found in ClientHello: %x", tt.out, record) 1379 } 1380 } 1381 } 1382 1383 func TestServerSelectingUnconfiguredCipherSuite(t *testing.T) { 1384 // This checks that the server can't select a cipher suite that the 1385 // client didn't offer. See #13174. 1386 1387 c, s := localPipe(t) 1388 errChan := make(chan error, 1) 1389 1390 go func() { 1391 client := Client(c, &Config{ 1392 ServerName: "foo", 1393 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, 1394 }) 1395 errChan <- client.Handshake() 1396 }() 1397 1398 var header [5]byte 1399 if _, err := io.ReadFull(s, header[:]); err != nil { 1400 t.Fatal(err) 1401 } 1402 recordLen := int(header[3])<<8 | int(header[4]) 1403 1404 record := make([]byte, recordLen) 1405 if _, err := io.ReadFull(s, record); err != nil { 1406 t.Fatal(err) 1407 } 1408 1409 // Create a ServerHello that selects a different cipher suite than the 1410 // sole one that the client offered. 1411 serverHello := &serverHelloMsg{ 1412 vers: VersionTLS12, 1413 random: make([]byte, 32), 1414 cipherSuite: TLS_RSA_WITH_AES_256_GCM_SHA384, 1415 } 1416 serverHelloBytes := serverHello.marshal() 1417 1418 s.Write([]byte{ 1419 byte(recordTypeHandshake), 1420 byte(VersionTLS12 >> 8), 1421 byte(VersionTLS12 & 0xff), 1422 byte(len(serverHelloBytes) >> 8), 1423 byte(len(serverHelloBytes)), 1424 }) 1425 s.Write(serverHelloBytes) 1426 s.Close() 1427 1428 if err := <-errChan; !strings.Contains(err.Error(), "unconfigured cipher") { 1429 t.Fatalf("Expected error about unconfigured cipher suite but got %q", err) 1430 } 1431 } 1432 1433 func TestVerifyPeerCertificate(t *testing.T) { 1434 t.Run("TLSv12", func(t *testing.T) { testVerifyPeerCertificate(t, VersionTLS12) }) 1435 t.Run("TLSv13", func(t *testing.T) { testVerifyPeerCertificate(t, VersionTLS13) }) 1436 } 1437 1438 func testVerifyPeerCertificate(t *testing.T, version uint16) { 1439 issuer, err := x509.ParseCertificate(testRSACertificateIssuer) 1440 if err != nil { 1441 panic(err) 1442 } 1443 1444 rootCAs := x509.NewCertPool() 1445 rootCAs.AddCert(issuer) 1446 1447 now := func() time.Time { return time.Unix(1476984729, 0) } 1448 1449 sentinelErr := errors.New("TestVerifyPeerCertificate") 1450 1451 verifyCallback := func(called *bool, rawCerts [][]byte, validatedChains [][]*x509.Certificate) error { 1452 if l := len(rawCerts); l != 1 { 1453 return fmt.Errorf("got len(rawCerts) = %d, wanted 1", l) 1454 } 1455 if len(validatedChains) == 0 { 1456 return errors.New("got len(validatedChains) = 0, wanted non-zero") 1457 } 1458 *called = true 1459 return nil 1460 } 1461 1462 tests := []struct { 1463 configureServer func(*Config, *bool) 1464 configureClient func(*Config, *bool) 1465 validate func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) 1466 }{ 1467 { 1468 configureServer: func(config *Config, called *bool) { 1469 config.InsecureSkipVerify = false 1470 config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains [][]*x509.Certificate) error { 1471 return verifyCallback(called, rawCerts, validatedChains) 1472 } 1473 }, 1474 configureClient: func(config *Config, called *bool) { 1475 config.InsecureSkipVerify = false 1476 config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains [][]*x509.Certificate) error { 1477 return verifyCallback(called, rawCerts, validatedChains) 1478 } 1479 }, 1480 validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) { 1481 if clientErr != nil { 1482 t.Errorf("test[%d]: client handshake failed: %v", testNo, clientErr) 1483 } 1484 if serverErr != nil { 1485 t.Errorf("test[%d]: server handshake failed: %v", testNo, serverErr) 1486 } 1487 if !clientCalled { 1488 t.Errorf("test[%d]: client did not call callback", testNo) 1489 } 1490 if !serverCalled { 1491 t.Errorf("test[%d]: server did not call callback", testNo) 1492 } 1493 }, 1494 }, 1495 { 1496 configureServer: func(config *Config, called *bool) { 1497 config.InsecureSkipVerify = false 1498 config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains [][]*x509.Certificate) error { 1499 return sentinelErr 1500 } 1501 }, 1502 configureClient: func(config *Config, called *bool) { 1503 config.VerifyPeerCertificate = nil 1504 }, 1505 validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) { 1506 if serverErr != sentinelErr { 1507 t.Errorf("#%d: got server error %v, wanted sentinelErr", testNo, serverErr) 1508 } 1509 }, 1510 }, 1511 { 1512 configureServer: func(config *Config, called *bool) { 1513 config.InsecureSkipVerify = false 1514 }, 1515 configureClient: func(config *Config, called *bool) { 1516 config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains [][]*x509.Certificate) error { 1517 return sentinelErr 1518 } 1519 }, 1520 validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) { 1521 if clientErr != sentinelErr { 1522 t.Errorf("#%d: got client error %v, wanted sentinelErr", testNo, clientErr) 1523 } 1524 }, 1525 }, 1526 { 1527 configureServer: func(config *Config, called *bool) { 1528 config.InsecureSkipVerify = false 1529 }, 1530 configureClient: func(config *Config, called *bool) { 1531 config.InsecureSkipVerify = true 1532 config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains [][]*x509.Certificate) error { 1533 if l := len(rawCerts); l != 1 { 1534 return fmt.Errorf("got len(rawCerts) = %d, wanted 1", l) 1535 } 1536 // With InsecureSkipVerify set, this 1537 // callback should still be called but 1538 // validatedChains must be empty. 1539 if l := len(validatedChains); l != 0 { 1540 return fmt.Errorf("got len(validatedChains) = %d, wanted zero", l) 1541 } 1542 *called = true 1543 return nil 1544 } 1545 }, 1546 validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) { 1547 if clientErr != nil { 1548 t.Errorf("test[%d]: client handshake failed: %v", testNo, clientErr) 1549 } 1550 if serverErr != nil { 1551 t.Errorf("test[%d]: server handshake failed: %v", testNo, serverErr) 1552 } 1553 if !clientCalled { 1554 t.Errorf("test[%d]: client did not call callback", testNo) 1555 } 1556 }, 1557 }, 1558 } 1559 1560 for i, test := range tests { 1561 c, s := localPipe(t) 1562 done := make(chan error) 1563 1564 var clientCalled, serverCalled bool 1565 1566 go func() { 1567 config := testConfig.Clone() 1568 config.ServerName = "example.golang" 1569 config.ClientAuth = RequireAndVerifyClientCert 1570 config.ClientCAs = rootCAs 1571 config.Time = now 1572 config.MaxVersion = version 1573 test.configureServer(config, &serverCalled) 1574 1575 err = Server(s, config).Handshake() 1576 s.Close() 1577 done <- err 1578 }() 1579 1580 config := testConfig.Clone() 1581 config.ServerName = "example.golang" 1582 config.RootCAs = rootCAs 1583 config.Time = now 1584 config.MaxVersion = version 1585 test.configureClient(config, &clientCalled) 1586 clientErr := Client(c, config).Handshake() 1587 c.Close() 1588 serverErr := <-done 1589 1590 test.validate(t, i, clientCalled, serverCalled, clientErr, serverErr) 1591 } 1592 } 1593 1594 // brokenConn wraps a net.Conn and causes all Writes after a certain number to 1595 // fail with brokenConnErr. 1596 type brokenConn struct { 1597 net.Conn 1598 1599 // breakAfter is the number of successful writes that will be allowed 1600 // before all subsequent writes fail. 1601 breakAfter int 1602 1603 // numWrites is the number of writes that have been done. 1604 numWrites int 1605 } 1606 1607 // brokenConnErr is the error that brokenConn returns once exhausted. 1608 var brokenConnErr = errors.New("too many writes to brokenConn") 1609 1610 func (b *brokenConn) Write(data []byte) (int, error) { 1611 if b.numWrites >= b.breakAfter { 1612 return 0, brokenConnErr 1613 } 1614 1615 b.numWrites++ 1616 return b.Conn.Write(data) 1617 } 1618 1619 func TestFailedWrite(t *testing.T) { 1620 // Test that a write error during the handshake is returned. 1621 for _, breakAfter := range []int{0, 1} { 1622 c, s := localPipe(t) 1623 done := make(chan bool) 1624 1625 go func() { 1626 Server(s, testConfig).Handshake() 1627 s.Close() 1628 done <- true 1629 }() 1630 1631 brokenC := &brokenConn{Conn: c, breakAfter: breakAfter} 1632 err := Client(brokenC, testConfig).Handshake() 1633 if err != brokenConnErr { 1634 t.Errorf("#%d: expected error from brokenConn but got %q", breakAfter, err) 1635 } 1636 brokenC.Close() 1637 1638 <-done 1639 } 1640 } 1641 1642 // writeCountingConn wraps a net.Conn and counts the number of Write calls. 1643 type writeCountingConn struct { 1644 net.Conn 1645 1646 // numWrites is the number of writes that have been done. 1647 numWrites int 1648 } 1649 1650 func (wcc *writeCountingConn) Write(data []byte) (int, error) { 1651 wcc.numWrites++ 1652 return wcc.Conn.Write(data) 1653 } 1654 1655 func TestBuffering(t *testing.T) { 1656 t.Run("TLSv12", func(t *testing.T) { testBuffering(t, VersionTLS12) }) 1657 t.Run("TLSv13", func(t *testing.T) { testBuffering(t, VersionTLS13) }) 1658 } 1659 1660 func testBuffering(t *testing.T, version uint16) { 1661 c, s := localPipe(t) 1662 done := make(chan bool) 1663 1664 clientWCC := &writeCountingConn{Conn: c} 1665 serverWCC := &writeCountingConn{Conn: s} 1666 1667 go func() { 1668 config := testConfig.Clone() 1669 config.MaxVersion = version 1670 Server(serverWCC, config).Handshake() 1671 serverWCC.Close() 1672 done <- true 1673 }() 1674 1675 err := Client(clientWCC, testConfig).Handshake() 1676 if err != nil { 1677 t.Fatal(err) 1678 } 1679 clientWCC.Close() 1680 <-done 1681 1682 var expectedClient, expectedServer int 1683 if version == VersionTLS13 { 1684 expectedClient = 2 1685 expectedServer = 1 1686 } else { 1687 expectedClient = 2 1688 expectedServer = 2 1689 } 1690 1691 if n := clientWCC.numWrites; n != expectedClient { 1692 t.Errorf("expected client handshake to complete with %d writes, but saw %d", expectedClient, n) 1693 } 1694 1695 if n := serverWCC.numWrites; n != expectedServer { 1696 t.Errorf("expected server handshake to complete with %d writes, but saw %d", expectedServer, n) 1697 } 1698 } 1699 1700 func TestAlertFlushing(t *testing.T) { 1701 c, s := localPipe(t) 1702 done := make(chan bool) 1703 1704 clientWCC := &writeCountingConn{Conn: c} 1705 serverWCC := &writeCountingConn{Conn: s} 1706 1707 serverConfig := testConfig.Clone() 1708 1709 // Cause a signature-time error 1710 brokenKey := rsa.PrivateKey{PublicKey: testRSAPrivateKey.PublicKey} 1711 brokenKey.D = big.NewInt(42) 1712 serverConfig.Certificates = []Certificate{{ 1713 Certificate: [][]byte{testRSACertificate}, 1714 PrivateKey: &brokenKey, 1715 }} 1716 1717 go func() { 1718 Server(serverWCC, serverConfig).Handshake() 1719 serverWCC.Close() 1720 done <- true 1721 }() 1722 1723 err := Client(clientWCC, testConfig).Handshake() 1724 if err == nil { 1725 t.Fatal("client unexpectedly returned no error") 1726 } 1727 1728 const expectedError = "remote error: tls: internal error" 1729 if e := err.Error(); !strings.Contains(e, expectedError) { 1730 t.Fatalf("expected to find %q in error but error was %q", expectedError, e) 1731 } 1732 clientWCC.Close() 1733 <-done 1734 1735 if n := serverWCC.numWrites; n != 1 { 1736 t.Errorf("expected server handshake to complete with one write, but saw %d", n) 1737 } 1738 } 1739 1740 func TestHandshakeRace(t *testing.T) { 1741 if testing.Short() { 1742 t.Skip("skipping in -short mode") 1743 } 1744 t.Parallel() 1745 // This test races a Read and Write to try and complete a handshake in 1746 // order to provide some evidence that there are no races or deadlocks 1747 // in the handshake locking. 1748 for i := 0; i < 32; i++ { 1749 c, s := localPipe(t) 1750 1751 go func() { 1752 server := Server(s, testConfig) 1753 if err := server.Handshake(); err != nil { 1754 panic(err) 1755 } 1756 1757 var request [1]byte 1758 if n, err := server.Read(request[:]); err != nil || n != 1 { 1759 panic(err) 1760 } 1761 1762 server.Write(request[:]) 1763 server.Close() 1764 }() 1765 1766 startWrite := make(chan struct{}) 1767 startRead := make(chan struct{}) 1768 readDone := make(chan struct{}) 1769 1770 client := Client(c, testConfig) 1771 go func() { 1772 <-startWrite 1773 var request [1]byte 1774 client.Write(request[:]) 1775 }() 1776 1777 go func() { 1778 <-startRead 1779 var reply [1]byte 1780 if _, err := io.ReadFull(client, reply[:]); err != nil { 1781 panic(err) 1782 } 1783 c.Close() 1784 readDone <- struct{}{} 1785 }() 1786 1787 if i&1 == 1 { 1788 startWrite <- struct{}{} 1789 startRead <- struct{}{} 1790 } else { 1791 startRead <- struct{}{} 1792 startWrite <- struct{}{} 1793 } 1794 <-readDone 1795 } 1796 } 1797 1798 var getClientCertificateTests = []struct { 1799 setup func(*Config, *Config) 1800 expectedClientError string 1801 verify func(*testing.T, int, *ConnectionState) 1802 }{ 1803 { 1804 func(clientConfig, serverConfig *Config) { 1805 // Returning a Certificate with no certificate data 1806 // should result in an empty message being sent to the 1807 // server. 1808 serverConfig.ClientCAs = nil 1809 clientConfig.GetClientCertificate = func(cri *CertificateRequestInfo) (*Certificate, error) { 1810 if len(cri.SignatureSchemes) == 0 { 1811 panic("empty SignatureSchemes") 1812 } 1813 if len(cri.AcceptableCAs) != 0 { 1814 panic("AcceptableCAs should have been empty") 1815 } 1816 return new(Certificate), nil 1817 } 1818 }, 1819 "", 1820 func(t *testing.T, testNum int, cs *ConnectionState) { 1821 if l := len(cs.PeerCertificates); l != 0 { 1822 t.Errorf("#%d: expected no certificates but got %d", testNum, l) 1823 } 1824 }, 1825 }, 1826 { 1827 func(clientConfig, serverConfig *Config) { 1828 // With TLS 1.1, the SignatureSchemes should be 1829 // synthesised from the supported certificate types. 1830 clientConfig.MaxVersion = VersionTLS11 1831 clientConfig.GetClientCertificate = func(cri *CertificateRequestInfo) (*Certificate, error) { 1832 if len(cri.SignatureSchemes) == 0 { 1833 panic("empty SignatureSchemes") 1834 } 1835 return new(Certificate), nil 1836 } 1837 }, 1838 "", 1839 func(t *testing.T, testNum int, cs *ConnectionState) { 1840 if l := len(cs.PeerCertificates); l != 0 { 1841 t.Errorf("#%d: expected no certificates but got %d", testNum, l) 1842 } 1843 }, 1844 }, 1845 { 1846 func(clientConfig, serverConfig *Config) { 1847 // Returning an error should abort the handshake with 1848 // that error. 1849 clientConfig.GetClientCertificate = func(cri *CertificateRequestInfo) (*Certificate, error) { 1850 return nil, errors.New("GetClientCertificate") 1851 } 1852 }, 1853 "GetClientCertificate", 1854 func(t *testing.T, testNum int, cs *ConnectionState) { 1855 }, 1856 }, 1857 { 1858 func(clientConfig, serverConfig *Config) { 1859 clientConfig.GetClientCertificate = func(cri *CertificateRequestInfo) (*Certificate, error) { 1860 if len(cri.AcceptableCAs) == 0 { 1861 panic("empty AcceptableCAs") 1862 } 1863 cert := &Certificate{ 1864 Certificate: [][]byte{testRSACertificate}, 1865 PrivateKey: testRSAPrivateKey, 1866 } 1867 return cert, nil 1868 } 1869 }, 1870 "", 1871 func(t *testing.T, testNum int, cs *ConnectionState) { 1872 if len(cs.VerifiedChains) == 0 { 1873 t.Errorf("#%d: expected some verified chains, but found none", testNum) 1874 } 1875 }, 1876 }, 1877 } 1878 1879 func TestGetClientCertificate(t *testing.T) { 1880 t.Run("TLSv12", func(t *testing.T) { testGetClientCertificate(t, VersionTLS12) }) 1881 t.Run("TLSv13", func(t *testing.T) { testGetClientCertificate(t, VersionTLS13) }) 1882 } 1883 1884 func testGetClientCertificate(t *testing.T, version uint16) { 1885 issuer, err := x509.ParseCertificate(testRSACertificateIssuer) 1886 if err != nil { 1887 panic(err) 1888 } 1889 1890 for i, test := range getClientCertificateTests { 1891 serverConfig := testConfig.Clone() 1892 serverConfig.ClientAuth = VerifyClientCertIfGiven 1893 serverConfig.RootCAs = x509.NewCertPool() 1894 serverConfig.RootCAs.AddCert(issuer) 1895 serverConfig.ClientCAs = serverConfig.RootCAs 1896 serverConfig.Time = func() time.Time { return time.Unix(1476984729, 0) } 1897 serverConfig.MaxVersion = version 1898 1899 clientConfig := testConfig.Clone() 1900 clientConfig.MaxVersion = version 1901 1902 test.setup(clientConfig, serverConfig) 1903 1904 type serverResult struct { 1905 cs ConnectionState 1906 err error 1907 } 1908 1909 c, s := localPipe(t) 1910 done := make(chan serverResult) 1911 1912 go func() { 1913 defer s.Close() 1914 server := Server(s, serverConfig) 1915 err := server.Handshake() 1916 1917 var cs ConnectionState 1918 if err == nil { 1919 cs = server.ConnectionState() 1920 } 1921 done <- serverResult{cs, err} 1922 }() 1923 1924 clientErr := Client(c, clientConfig).Handshake() 1925 c.Close() 1926 1927 result := <-done 1928 1929 if clientErr != nil { 1930 if len(test.expectedClientError) == 0 { 1931 t.Errorf("#%d: client error: %v", i, clientErr) 1932 } else if got := clientErr.Error(); got != test.expectedClientError { 1933 t.Errorf("#%d: expected client error %q, but got %q", i, test.expectedClientError, got) 1934 } else { 1935 test.verify(t, i, &result.cs) 1936 } 1937 } else if len(test.expectedClientError) > 0 { 1938 t.Errorf("#%d: expected client error %q, but got no error", i, test.expectedClientError) 1939 } else if err := result.err; err != nil { 1940 t.Errorf("#%d: server error: %v", i, err) 1941 } else { 1942 test.verify(t, i, &result.cs) 1943 } 1944 } 1945 } 1946 1947 func TestRSAPSSKeyError(t *testing.T) { 1948 // crypto/tls does not support the rsa_pss_pss_* SignatureSchemes. If support for 1949 // public keys with OID RSASSA-PSS is added to crypto/x509, they will be misused with 1950 // the rsa_pss_rsae_* SignatureSchemes. Assert that RSASSA-PSS certificates don't 1951 // parse, or that they don't carry *rsa.PublicKey keys. 1952 b, _ := pem.Decode([]byte(` 1953 -----BEGIN CERTIFICATE----- 1954 MIIDZTCCAhygAwIBAgIUCF2x0FyTgZG0CC9QTDjGWkB5vgEwPgYJKoZIhvcNAQEK 1955 MDGgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogQC 1956 AgDeMBIxEDAOBgNVBAMMB1JTQS1QU1MwHhcNMTgwNjI3MjI0NDM2WhcNMTgwNzI3 1957 MjI0NDM2WjASMRAwDgYDVQQDDAdSU0EtUFNTMIIBIDALBgkqhkiG9w0BAQoDggEP 1958 ADCCAQoCggEBANxDm0f76JdI06YzsjB3AmmjIYkwUEGxePlafmIASFjDZl/elD0Z 1959 /a7xLX468b0qGxLS5al7XCcEprSdsDR6DF5L520+pCbpfLyPOjuOvGmk9KzVX4x5 1960 b05YXYuXdsQ0Kjxcx2i3jjCday6scIhMJVgBZxTEyMj1thPQM14SHzKCd/m6HmCL 1961 QmswpH2yMAAcBRWzRpp/vdH5DeOJEB3aelq7094no731mrLUCHRiZ1htq8BDB3ou 1962 czwqgwspbqZ4dnMXl2MvfySQ5wJUxQwILbiuAKO2lVVPUbFXHE9pgtznNoPvKwQT 1963 JNcX8ee8WIZc2SEGzofjk3NpjR+2ADB2u3sCAwEAAaNTMFEwHQYDVR0OBBYEFNEz 1964 AdyJ2f+fU+vSCS6QzohnOnprMB8GA1UdIwQYMBaAFNEzAdyJ2f+fU+vSCS6Qzohn 1965 OnprMA8GA1UdEwEB/wQFMAMBAf8wPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQME 1966 AgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogQCAgDeA4IBAQCjEdrR5aab 1967 sZmCwrMeKidXgfkmWvfuLDE+TCbaqDZp7BMWcMQXT9O0UoUT5kqgKj2ARm2pEW0Z 1968 H3Z1vj3bbds72qcDIJXp+l0fekyLGeCrX/CbgnMZXEP7+/+P416p34ChR1Wz4dU1 1969 KD3gdsUuTKKeMUog3plxlxQDhRQmiL25ygH1LmjLd6dtIt0GVRGr8lj3euVeprqZ 1970 bZ3Uq5eLfsn8oPgfC57gpO6yiN+UURRTlK3bgYvLh4VWB3XXk9UaQZ7Mq1tpXjoD 1971 HYFybkWzibkZp4WRo+Fa28rirH+/wHt0vfeN7UCceURZEx4JaxIIfe4ku7uDRhJi 1972 RwBA9Xk1KBNF 1973 -----END CERTIFICATE-----`)) 1974 if b == nil { 1975 t.Fatal("Failed to decode certificate") 1976 } 1977 cert, err := x509.ParseCertificate(b.Bytes) 1978 if err != nil { 1979 return 1980 } 1981 if _, ok := cert.PublicKey.(*rsa.PublicKey); ok { 1982 t.Error("A RSASSA-PSS certificate was parsed like a PKCS#1 v1.5 one, and it will be mistakenly used with rsa_pss_rsae_* signature algorithms") 1983 } 1984 } 1985 1986 func TestCloseClientConnectionOnIdleServer(t *testing.T) { 1987 clientConn, serverConn := localPipe(t) 1988 client := Client(clientConn, testConfig.Clone()) 1989 go func() { 1990 var b [1]byte 1991 serverConn.Read(b[:]) 1992 client.Close() 1993 }() 1994 client.SetWriteDeadline(time.Now().Add(time.Minute)) 1995 err := client.Handshake() 1996 if err != nil { 1997 if err, ok := err.(net.Error); ok && err.Timeout() { 1998 t.Errorf("Expected a closed network connection error but got '%s'", err.Error()) 1999 } 2000 } else { 2001 t.Errorf("Error expected, but no error returned") 2002 } 2003 }