github.com/JimmyHuang454/JLS-go@v0.0.0-20230831150107-90d536585ba0/tls/tls_test.go (about) 1 // Copyright 2012 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package tls 6 7 import ( 8 "bytes" 9 "context" 10 "crypto" 11 "crypto/x509" 12 "encoding/json" 13 "errors" 14 "fmt" 15 "github.com/JimmyHuang454/JLS-go/internal/testenv" 16 "io" 17 "math" 18 "net" 19 "os" 20 "reflect" 21 "sort" 22 "strings" 23 "testing" 24 "time" 25 ) 26 27 var rsaCertPEM = `-----BEGIN CERTIFICATE----- 28 MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV 29 BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX 30 aWRnaXRzIFB0eSBMdGQwHhcNMTIwOTEyMjE1MjAyWhcNMTUwOTEyMjE1MjAyWjBF 31 MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 32 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLJ 33 hPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wok/4xIA+ui35/MmNa 34 rtNuC+BdZ1tMuVCPFZcCAwEAAaNQME4wHQYDVR0OBBYEFJvKs8RfJaXTH08W+SGv 35 zQyKn0H8MB8GA1UdIwQYMBaAFJvKs8RfJaXTH08W+SGvzQyKn0H8MAwGA1UdEwQF 36 MAMBAf8wDQYJKoZIhvcNAQEFBQADQQBJlffJHybjDGxRMqaRmDhX0+6v02TUKZsW 37 r5QuVbpQhH6u+0UgcW0jp9QwpxoPTLTWGXEWBBBurxFwiCBhkQ+V 38 -----END CERTIFICATE----- 39 ` 40 41 var rsaKeyPEM = testingKey(`-----BEGIN RSA TESTING KEY----- 42 MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo 43 k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G 44 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N 45 MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW 46 SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T 47 xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi 48 D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g== 49 -----END RSA TESTING KEY----- 50 `) 51 52 // keyPEM is the same as rsaKeyPEM, but declares itself as just 53 // "PRIVATE KEY", not "RSA PRIVATE KEY". https://golang.org/issue/4477 54 var keyPEM = testingKey(`-----BEGIN TESTING KEY----- 55 MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo 56 k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G 57 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N 58 MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW 59 SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T 60 xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi 61 D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g== 62 -----END TESTING KEY----- 63 `) 64 65 var ecdsaCertPEM = `-----BEGIN CERTIFICATE----- 66 MIIB/jCCAWICCQDscdUxw16XFDAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw 67 EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 68 eSBMdGQwHhcNMTIxMTE0MTI0MDQ4WhcNMTUxMTE0MTI0MDQ4WjBFMQswCQYDVQQG 69 EwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lk 70 Z2l0cyBQdHkgTHRkMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBY9+my9OoeSUR 71 lDQdV/x8LsOuLilthhiS1Tz4aGDHIPwC1mlvnf7fg5lecYpMCrLLhauAc1UJXcgl 72 01xoLuzgtAEAgv2P/jgytzRSpUYvgLBt1UA0leLYBy6mQQbrNEuqT3INapKIcUv8 73 XxYP0xMEUksLPq6Ca+CRSqTtrd/23uTnapkwCQYHKoZIzj0EAQOBigAwgYYCQXJo 74 A7Sl2nLVf+4Iu/tAX/IF4MavARKC4PPHK3zfuGfPR3oCCcsAoz3kAzOeijvd0iXb 75 H5jBImIxPL4WxQNiBTexAkF8D1EtpYuWdlVQ80/h/f4pBcGiXPqX5h2PQSQY7hP1 76 +jwM1FGS4fREIOvlBYr/SzzQRtwrvrzGYxDEDbsC0ZGRnA== 77 -----END CERTIFICATE----- 78 ` 79 80 var ecdsaKeyPEM = testingKey(`-----BEGIN EC PARAMETERS----- 81 BgUrgQQAIw== 82 -----END EC PARAMETERS----- 83 -----BEGIN EC TESTING KEY----- 84 MIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDVSGWdirrkgCWxrprGlzB9o0X8fV675X0 85 NwuBenXFfeZvVcwluO7/Q9wkYoPd/t3jGImgBwYFK4EEACOhgYkDgYYABAFj36bL 86 06h5JRGUNB1X/Hwuw64uKW2GGJLVPPhoYMcg/ALWaW+d/t+DmV5xikwKssuFq4Bz 87 VQldyCXTXGgu7OC0AQCC/Y/+ODK3NFKlRi+AsG3VQDSV4tgHLqZBBus0S6pPcg1q 88 kohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ== 89 -----END EC TESTING KEY----- 90 `) 91 92 var keyPairTests = []struct { 93 algo string 94 cert string 95 key string 96 }{ 97 {"ECDSA", ecdsaCertPEM, ecdsaKeyPEM}, 98 {"RSA", rsaCertPEM, rsaKeyPEM}, 99 {"RSA-untyped", rsaCertPEM, keyPEM}, // golang.org/issue/4477 100 } 101 102 func TestX509KeyPair(t *testing.T) { 103 t.Parallel() 104 var pem []byte 105 for _, test := range keyPairTests { 106 pem = []byte(test.cert + test.key) 107 if _, err := X509KeyPair(pem, pem); err != nil { 108 t.Errorf("Failed to load %s cert followed by %s key: %s", test.algo, test.algo, err) 109 } 110 pem = []byte(test.key + test.cert) 111 if _, err := X509KeyPair(pem, pem); err != nil { 112 t.Errorf("Failed to load %s key followed by %s cert: %s", test.algo, test.algo, err) 113 } 114 } 115 } 116 117 func TestX509KeyPairErrors(t *testing.T) { 118 _, err := X509KeyPair([]byte(rsaKeyPEM), []byte(rsaCertPEM)) 119 if err == nil { 120 t.Fatalf("X509KeyPair didn't return an error when arguments were switched") 121 } 122 if subStr := "been switched"; !strings.Contains(err.Error(), subStr) { 123 t.Fatalf("Expected %q in the error when switching arguments to X509KeyPair, but the error was %q", subStr, err) 124 } 125 126 _, err = X509KeyPair([]byte(rsaCertPEM), []byte(rsaCertPEM)) 127 if err == nil { 128 t.Fatalf("X509KeyPair didn't return an error when both arguments were certificates") 129 } 130 if subStr := "certificate"; !strings.Contains(err.Error(), subStr) { 131 t.Fatalf("Expected %q in the error when both arguments to X509KeyPair were certificates, but the error was %q", subStr, err) 132 } 133 134 const nonsensePEM = ` 135 -----BEGIN NONSENSE----- 136 Zm9vZm9vZm9v 137 -----END NONSENSE----- 138 ` 139 140 _, err = X509KeyPair([]byte(nonsensePEM), []byte(nonsensePEM)) 141 if err == nil { 142 t.Fatalf("X509KeyPair didn't return an error when both arguments were nonsense") 143 } 144 if subStr := "NONSENSE"; !strings.Contains(err.Error(), subStr) { 145 t.Fatalf("Expected %q in the error when both arguments to X509KeyPair were nonsense, but the error was %q", subStr, err) 146 } 147 } 148 149 func TestX509MixedKeyPair(t *testing.T) { 150 if _, err := X509KeyPair([]byte(rsaCertPEM), []byte(ecdsaKeyPEM)); err == nil { 151 t.Error("Load of RSA certificate succeeded with ECDSA private key") 152 } 153 if _, err := X509KeyPair([]byte(ecdsaCertPEM), []byte(rsaKeyPEM)); err == nil { 154 t.Error("Load of ECDSA certificate succeeded with RSA private key") 155 } 156 } 157 158 func newLocalListener(t testing.TB) net.Listener { 159 ln, err := net.Listen("tcp", "127.0.0.1:0") 160 if err != nil { 161 ln, err = net.Listen("tcp6", "[::1]:0") 162 } 163 if err != nil { 164 t.Fatal(err) 165 } 166 return ln 167 } 168 169 func TestDialTimeout(t *testing.T) { 170 if testing.Short() { 171 t.Skip("skipping in short mode") 172 } 173 174 timeout := 100 * time.Microsecond 175 for !t.Failed() { 176 acceptc := make(chan net.Conn) 177 listener := newLocalListener(t) 178 go func() { 179 for { 180 conn, err := listener.Accept() 181 if err != nil { 182 close(acceptc) 183 return 184 } 185 acceptc <- conn 186 } 187 }() 188 189 addr := listener.Addr().String() 190 dialer := &net.Dialer{ 191 Timeout: timeout, 192 } 193 if conn, err := DialWithDialer(dialer, "tcp", addr, nil); err == nil { 194 conn.Close() 195 t.Errorf("DialWithTimeout unexpectedly completed successfully") 196 } else if !isTimeoutError(err) { 197 t.Errorf("resulting error not a timeout: %v\nType %T: %#v", err, err, err) 198 } 199 200 listener.Close() 201 202 // We're looking for a timeout during the handshake, so check that the 203 // Listener actually accepted the connection to initiate it. (If the server 204 // takes too long to accept the connection, we might cancel before the 205 // underlying net.Conn is ever dialed — without ever attempting a 206 // handshake.) 207 lconn, ok := <-acceptc 208 if ok { 209 // The Listener accepted a connection, so assume that it was from our 210 // Dial: we triggered the timeout at the point where we wanted it! 211 t.Logf("Listener accepted a connection from %s", lconn.RemoteAddr()) 212 lconn.Close() 213 } 214 // Close any spurious extra connecitions from the listener. (This is 215 // possible if there are, for example, stray Dial calls from other tests.) 216 for extraConn := range acceptc { 217 t.Logf("spurious extra connection from %s", extraConn.RemoteAddr()) 218 extraConn.Close() 219 } 220 if ok { 221 break 222 } 223 224 t.Logf("with timeout %v, DialWithDialer returned before listener accepted any connections; retrying", timeout) 225 timeout *= 2 226 } 227 } 228 229 func TestDeadlineOnWrite(t *testing.T) { 230 if testing.Short() { 231 t.Skip("skipping in short mode") 232 } 233 234 ln := newLocalListener(t) 235 defer ln.Close() 236 237 srvCh := make(chan *Conn, 1) 238 239 go func() { 240 sconn, err := ln.Accept() 241 if err != nil { 242 srvCh <- nil 243 return 244 } 245 srv := Server(sconn, testConfig.Clone()) 246 if err := srv.Handshake(); err != nil { 247 srvCh <- nil 248 return 249 } 250 srvCh <- srv 251 }() 252 253 clientConfig := testConfig.Clone() 254 clientConfig.MaxVersion = VersionTLS12 255 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 256 if err != nil { 257 t.Fatal(err) 258 } 259 defer conn.Close() 260 261 srv := <-srvCh 262 if srv == nil { 263 t.Error(err) 264 } 265 266 // Make sure the client/server is setup correctly and is able to do a typical Write/Read 267 buf := make([]byte, 6) 268 if _, err := srv.Write([]byte("foobar")); err != nil { 269 t.Errorf("Write err: %v", err) 270 } 271 if n, err := conn.Read(buf); n != 6 || err != nil || string(buf) != "foobar" { 272 t.Errorf("Read = %d, %v, data %q; want 6, nil, foobar", n, err, buf) 273 } 274 275 // Set a deadline which should cause Write to timeout 276 if err = srv.SetDeadline(time.Now()); err != nil { 277 t.Fatalf("SetDeadline(time.Now()) err: %v", err) 278 } 279 if _, err = srv.Write([]byte("should fail")); err == nil { 280 t.Fatal("Write should have timed out") 281 } 282 283 // Clear deadline and make sure it still times out 284 if err = srv.SetDeadline(time.Time{}); err != nil { 285 t.Fatalf("SetDeadline(time.Time{}) err: %v", err) 286 } 287 if _, err = srv.Write([]byte("This connection is permanently broken")); err == nil { 288 t.Fatal("Write which previously failed should still time out") 289 } 290 291 // Verify the error 292 if ne := err.(net.Error); ne.Temporary() != false { 293 t.Error("Write timed out but incorrectly classified the error as Temporary") 294 } 295 if !isTimeoutError(err) { 296 t.Error("Write timed out but did not classify the error as a Timeout") 297 } 298 } 299 300 type readerFunc func([]byte) (int, error) 301 302 func (f readerFunc) Read(b []byte) (int, error) { return f(b) } 303 304 // TestDialer tests that tls.Dialer.DialContext can abort in the middle of a handshake. 305 // (The other cases are all handled by the existing dial tests in this package, which 306 // all also flow through the same code shared code paths) 307 func TestDialer(t *testing.T) { 308 ln := newLocalListener(t) 309 defer ln.Close() 310 311 unblockServer := make(chan struct{}) // close-only 312 defer close(unblockServer) 313 go func() { 314 conn, err := ln.Accept() 315 if err != nil { 316 return 317 } 318 defer conn.Close() 319 <-unblockServer 320 }() 321 322 ctx, cancel := context.WithCancel(context.Background()) 323 d := Dialer{Config: &Config{ 324 Rand: readerFunc(func(b []byte) (n int, err error) { 325 // By the time crypto/tls wants randomness, that means it has a TCP 326 // connection, so we're past the Dialer's dial and now blocked 327 // in a handshake. Cancel our context and see if we get unstuck. 328 // (Our TCP listener above never reads or writes, so the Handshake 329 // would otherwise be stuck forever) 330 cancel() 331 return len(b), nil 332 }), 333 ServerName: "foo", 334 }} 335 _, err := d.DialContext(ctx, "tcp", ln.Addr().String()) 336 if err != context.Canceled { 337 t.Errorf("err = %v; want context.Canceled", err) 338 } 339 } 340 341 func isTimeoutError(err error) bool { 342 if ne, ok := err.(net.Error); ok { 343 return ne.Timeout() 344 } 345 return false 346 } 347 348 // tests that Conn.Read returns (non-zero, io.EOF) instead of 349 // (non-zero, nil) when a Close (alertCloseNotify) is sitting right 350 // behind the application data in the buffer. 351 func TestConnReadNonzeroAndEOF(t *testing.T) { 352 // This test is racy: it assumes that after a write to a 353 // localhost TCP connection, the peer TCP connection can 354 // immediately read it. Because it's racy, we skip this test 355 // in short mode, and then retry it several times with an 356 // increasing sleep in between our final write (via srv.Close 357 // below) and the following read. 358 if testing.Short() { 359 t.Skip("skipping in short mode") 360 } 361 var err error 362 for delay := time.Millisecond; delay <= 64*time.Millisecond; delay *= 2 { 363 if err = testConnReadNonzeroAndEOF(t, delay); err == nil { 364 return 365 } 366 } 367 t.Error(err) 368 } 369 370 func testConnReadNonzeroAndEOF(t *testing.T, delay time.Duration) error { 371 ln := newLocalListener(t) 372 defer ln.Close() 373 374 srvCh := make(chan *Conn, 1) 375 var serr error 376 go func() { 377 sconn, err := ln.Accept() 378 if err != nil { 379 serr = err 380 srvCh <- nil 381 return 382 } 383 serverConfig := testConfig.Clone() 384 srv := Server(sconn, serverConfig) 385 if err := srv.Handshake(); err != nil { 386 serr = fmt.Errorf("handshake: %v", err) 387 srvCh <- nil 388 return 389 } 390 srvCh <- srv 391 }() 392 393 clientConfig := testConfig.Clone() 394 // In TLS 1.3, alerts are encrypted and disguised as application data, so 395 // the opportunistic peek won't work. 396 clientConfig.MaxVersion = VersionTLS12 397 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 398 if err != nil { 399 t.Fatal(err) 400 } 401 defer conn.Close() 402 403 srv := <-srvCh 404 if srv == nil { 405 return serr 406 } 407 408 buf := make([]byte, 6) 409 410 srv.Write([]byte("foobar")) 411 n, err := conn.Read(buf) 412 if n != 6 || err != nil || string(buf) != "foobar" { 413 return fmt.Errorf("Read = %d, %v, data %q; want 6, nil, foobar", n, err, buf) 414 } 415 416 srv.Write([]byte("abcdef")) 417 srv.Close() 418 time.Sleep(delay) 419 n, err = conn.Read(buf) 420 if n != 6 || string(buf) != "abcdef" { 421 return fmt.Errorf("Read = %d, buf= %q; want 6, abcdef", n, buf) 422 } 423 if err != io.EOF { 424 return fmt.Errorf("Second Read error = %v; want io.EOF", err) 425 } 426 return nil 427 } 428 429 func TestTLSUniqueMatches(t *testing.T) { 430 ln := newLocalListener(t) 431 defer ln.Close() 432 433 serverTLSUniques := make(chan []byte) 434 parentDone := make(chan struct{}) 435 childDone := make(chan struct{}) 436 defer close(parentDone) 437 go func() { 438 defer close(childDone) 439 for i := 0; i < 2; i++ { 440 sconn, err := ln.Accept() 441 if err != nil { 442 t.Error(err) 443 return 444 } 445 serverConfig := testConfig.Clone() 446 serverConfig.MaxVersion = VersionTLS12 // TLSUnique is not defined in TLS 1.3 447 srv := Server(sconn, serverConfig) 448 if err := srv.Handshake(); err != nil { 449 t.Error(err) 450 return 451 } 452 select { 453 case <-parentDone: 454 return 455 case serverTLSUniques <- srv.ConnectionState().TLSUnique: 456 } 457 } 458 }() 459 460 clientConfig := testConfig.Clone() 461 clientConfig.ClientSessionCache = NewLRUClientSessionCache(1) 462 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 463 if err != nil { 464 t.Fatal(err) 465 } 466 467 var serverTLSUniquesValue []byte 468 select { 469 case <-childDone: 470 return 471 case serverTLSUniquesValue = <-serverTLSUniques: 472 } 473 474 if !bytes.Equal(conn.ConnectionState().TLSUnique, serverTLSUniquesValue) { 475 t.Error("client and server channel bindings differ") 476 } 477 if serverTLSUniquesValue == nil || bytes.Equal(serverTLSUniquesValue, make([]byte, 12)) { 478 t.Error("tls-unique is empty or zero") 479 } 480 conn.Close() 481 482 conn, err = Dial("tcp", ln.Addr().String(), clientConfig) 483 if err != nil { 484 t.Fatal(err) 485 } 486 defer conn.Close() 487 if !conn.ConnectionState().DidResume { 488 t.Error("second session did not use resumption") 489 } 490 491 select { 492 case <-childDone: 493 return 494 case serverTLSUniquesValue = <-serverTLSUniques: 495 } 496 497 if !bytes.Equal(conn.ConnectionState().TLSUnique, serverTLSUniquesValue) { 498 t.Error("client and server channel bindings differ when session resumption is used") 499 } 500 if serverTLSUniquesValue == nil || bytes.Equal(serverTLSUniquesValue, make([]byte, 12)) { 501 t.Error("resumption tls-unique is empty or zero") 502 } 503 } 504 505 func TestVerifyHostname(t *testing.T) { 506 testenv.MustHaveExternalNetwork(t) 507 508 c, err := Dial("tcp", "www.baidu.com:https", nil) 509 if err != nil { 510 t.Fatal(err) 511 } 512 if err := c.VerifyHostname("www.baidu.com"); err != nil { 513 t.Fatalf("verify www.baidu.com: %v", err) 514 } 515 if err := c.VerifyHostname("www.qq.com"); err == nil { 516 t.Fatalf("verify www.qq.com succeeded") 517 } 518 519 c, err = Dial("tcp", "www.baidu.com:https", &Config{InsecureSkipVerify: true}) 520 if err != nil { 521 t.Fatal(err) 522 } 523 if err := c.VerifyHostname("www.baidu.com"); err == nil { 524 t.Fatalf("verify www.baidu.com succeeded with InsecureSkipVerify=true") 525 } 526 } 527 528 func TestConnCloseBreakingWrite(t *testing.T) { 529 ln := newLocalListener(t) 530 defer ln.Close() 531 532 srvCh := make(chan *Conn, 1) 533 var serr error 534 var sconn net.Conn 535 go func() { 536 var err error 537 sconn, err = ln.Accept() 538 if err != nil { 539 serr = err 540 srvCh <- nil 541 return 542 } 543 serverConfig := testConfig.Clone() 544 srv := Server(sconn, serverConfig) 545 if err := srv.Handshake(); err != nil { 546 serr = fmt.Errorf("handshake: %v", err) 547 srvCh <- nil 548 return 549 } 550 srvCh <- srv 551 }() 552 553 cconn, err := net.Dial("tcp", ln.Addr().String()) 554 if err != nil { 555 t.Fatal(err) 556 } 557 defer cconn.Close() 558 559 conn := &changeImplConn{ 560 Conn: cconn, 561 } 562 563 clientConfig := testConfig.Clone() 564 tconn := Client(conn, clientConfig) 565 if err := tconn.Handshake(); err != nil { 566 t.Fatal(err) 567 } 568 569 srv := <-srvCh 570 if srv == nil { 571 t.Fatal(serr) 572 } 573 defer sconn.Close() 574 575 connClosed := make(chan struct{}) 576 conn.closeFunc = func() error { 577 close(connClosed) 578 return nil 579 } 580 581 inWrite := make(chan bool, 1) 582 var errConnClosed = errors.New("conn closed for test") 583 conn.writeFunc = func(p []byte) (n int, err error) { 584 inWrite <- true 585 <-connClosed 586 return 0, errConnClosed 587 } 588 589 closeReturned := make(chan bool, 1) 590 go func() { 591 <-inWrite 592 tconn.Close() // test that this doesn't block forever. 593 closeReturned <- true 594 }() 595 596 _, err = tconn.Write([]byte("foo")) 597 if err != errConnClosed { 598 t.Errorf("Write error = %v; want errConnClosed", err) 599 } 600 601 <-closeReturned 602 if err := tconn.Close(); err != net.ErrClosed { 603 t.Errorf("Close error = %v; want net.ErrClosed", err) 604 } 605 } 606 607 func TestConnCloseWrite(t *testing.T) { 608 ln := newLocalListener(t) 609 defer ln.Close() 610 611 clientDoneChan := make(chan struct{}) 612 613 serverCloseWrite := func() error { 614 sconn, err := ln.Accept() 615 if err != nil { 616 return fmt.Errorf("accept: %v", err) 617 } 618 defer sconn.Close() 619 620 serverConfig := testConfig.Clone() 621 srv := Server(sconn, serverConfig) 622 if err := srv.Handshake(); err != nil { 623 return fmt.Errorf("handshake: %v", err) 624 } 625 defer srv.Close() 626 627 data, err := io.ReadAll(srv) 628 if err != nil { 629 return err 630 } 631 if len(data) > 0 { 632 return fmt.Errorf("Read data = %q; want nothing", data) 633 } 634 635 if err := srv.CloseWrite(); err != nil { 636 return fmt.Errorf("server CloseWrite: %v", err) 637 } 638 639 // Wait for clientCloseWrite to finish, so we know we 640 // tested the CloseWrite before we defer the 641 // sconn.Close above, which would also cause the 642 // client to unblock like CloseWrite. 643 <-clientDoneChan 644 return nil 645 } 646 647 clientCloseWrite := func() error { 648 defer close(clientDoneChan) 649 650 clientConfig := testConfig.Clone() 651 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 652 if err != nil { 653 return err 654 } 655 if err := conn.Handshake(); err != nil { 656 return err 657 } 658 defer conn.Close() 659 660 if err := conn.CloseWrite(); err != nil { 661 return fmt.Errorf("client CloseWrite: %v", err) 662 } 663 664 if _, err := conn.Write([]byte{0}); err != errShutdown { 665 return fmt.Errorf("CloseWrite error = %v; want errShutdown", err) 666 } 667 668 data, err := io.ReadAll(conn) 669 if err != nil { 670 return err 671 } 672 if len(data) > 0 { 673 return fmt.Errorf("Read data = %q; want nothing", data) 674 } 675 return nil 676 } 677 678 errChan := make(chan error, 2) 679 680 go func() { errChan <- serverCloseWrite() }() 681 go func() { errChan <- clientCloseWrite() }() 682 683 for i := 0; i < 2; i++ { 684 select { 685 case err := <-errChan: 686 if err != nil { 687 t.Fatal(err) 688 } 689 case <-time.After(10 * time.Second): 690 t.Fatal("deadlock") 691 } 692 } 693 694 // Also test CloseWrite being called before the handshake is 695 // finished: 696 { 697 ln2 := newLocalListener(t) 698 defer ln2.Close() 699 700 netConn, err := net.Dial("tcp", ln2.Addr().String()) 701 if err != nil { 702 t.Fatal(err) 703 } 704 defer netConn.Close() 705 conn := Client(netConn, testConfig.Clone()) 706 707 if err := conn.CloseWrite(); err != errEarlyCloseWrite { 708 t.Errorf("CloseWrite error = %v; want errEarlyCloseWrite", err) 709 } 710 } 711 } 712 713 func TestWarningAlertFlood(t *testing.T) { 714 ln := newLocalListener(t) 715 defer ln.Close() 716 717 server := func() error { 718 sconn, err := ln.Accept() 719 if err != nil { 720 return fmt.Errorf("accept: %v", err) 721 } 722 defer sconn.Close() 723 724 serverConfig := testConfig.Clone() 725 srv := Server(sconn, serverConfig) 726 if err := srv.Handshake(); err != nil { 727 return fmt.Errorf("handshake: %v", err) 728 } 729 defer srv.Close() 730 731 _, err = io.ReadAll(srv) 732 if err == nil { 733 return errors.New("unexpected lack of error from server") 734 } 735 const expected = "too many ignored" 736 if str := err.Error(); !strings.Contains(str, expected) { 737 return fmt.Errorf("expected error containing %q, but saw: %s", expected, str) 738 } 739 740 return nil 741 } 742 743 errChan := make(chan error, 1) 744 go func() { errChan <- server() }() 745 746 clientConfig := testConfig.Clone() 747 clientConfig.MaxVersion = VersionTLS12 // there are no warning alerts in TLS 1.3 748 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 749 if err != nil { 750 t.Fatal(err) 751 } 752 defer conn.Close() 753 if err := conn.Handshake(); err != nil { 754 t.Fatal(err) 755 } 756 757 for i := 0; i < maxUselessRecords+1; i++ { 758 conn.sendAlert(alertNoRenegotiation) 759 } 760 761 if err := <-errChan; err != nil { 762 t.Fatal(err) 763 } 764 } 765 766 func TestCloneFuncFields(t *testing.T) { 767 const expectedCount = 8 768 called := 0 769 770 c1 := Config{ 771 Time: func() time.Time { 772 called |= 1 << 0 773 return time.Time{} 774 }, 775 GetCertificate: func(*ClientHelloInfo) (*Certificate, error) { 776 called |= 1 << 1 777 return nil, nil 778 }, 779 GetClientCertificate: func(*CertificateRequestInfo) (*Certificate, error) { 780 called |= 1 << 2 781 return nil, nil 782 }, 783 GetConfigForClient: func(*ClientHelloInfo) (*Config, error) { 784 called |= 1 << 3 785 return nil, nil 786 }, 787 VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { 788 called |= 1 << 4 789 return nil 790 }, 791 VerifyConnection: func(ConnectionState) error { 792 called |= 1 << 5 793 return nil 794 }, 795 UnwrapSession: func(identity []byte, cs ConnectionState) (*SessionState, error) { 796 called |= 1 << 6 797 return nil, nil 798 }, 799 WrapSession: func(cs ConnectionState, ss *SessionState) ([]byte, error) { 800 called |= 1 << 7 801 return nil, nil 802 }, 803 } 804 805 c2 := c1.Clone() 806 807 c2.Time() 808 c2.GetCertificate(nil) 809 c2.GetClientCertificate(nil) 810 c2.GetConfigForClient(nil) 811 c2.VerifyPeerCertificate(nil, nil) 812 c2.VerifyConnection(ConnectionState{}) 813 c2.UnwrapSession(nil, ConnectionState{}) 814 c2.WrapSession(ConnectionState{}, nil) 815 816 if called != (1<<expectedCount)-1 { 817 t.Fatalf("expected %d calls but saw calls %b", expectedCount, called) 818 } 819 } 820 821 func TestCloneNonFuncFields(t *testing.T) { 822 var c1 Config 823 v := reflect.ValueOf(&c1).Elem() 824 825 typ := v.Type() 826 for i := 0; i < typ.NumField(); i++ { 827 f := v.Field(i) 828 // testing/quick can't handle functions or interfaces and so 829 // isn't used here. 830 switch fn := typ.Field(i).Name; fn { 831 case "Rand": 832 f.Set(reflect.ValueOf(io.Reader(os.Stdin))) 833 case "Time", "GetCertificate", "GetConfigForClient", "VerifyPeerCertificate", "VerifyConnection", "GetClientCertificate", "WrapSession", "UnwrapSession": 834 // DeepEqual can't compare functions. If you add a 835 // function field to this list, you must also change 836 // TestCloneFuncFields to ensure that the func field is 837 // cloned. 838 case "Certificates": 839 f.Set(reflect.ValueOf([]Certificate{ 840 {Certificate: [][]byte{{'b'}}}, 841 })) 842 case "NameToCertificate": 843 f.Set(reflect.ValueOf(map[string]*Certificate{"a": nil})) 844 case "RootCAs", "ClientCAs": 845 f.Set(reflect.ValueOf(x509.NewCertPool())) 846 case "ClientSessionCache": 847 f.Set(reflect.ValueOf(NewLRUClientSessionCache(10))) 848 case "KeyLogWriter": 849 f.Set(reflect.ValueOf(io.Writer(os.Stdout))) 850 case "NextProtos": 851 f.Set(reflect.ValueOf([]string{"a", "b"})) 852 case "ServerName": 853 f.Set(reflect.ValueOf("b")) 854 case "ClientAuth": 855 f.Set(reflect.ValueOf(VerifyClientCertIfGiven)) 856 case "InsecureSkipVerify", "SessionTicketsDisabled", "DynamicRecordSizingDisabled", "PreferServerCipherSuites": 857 f.Set(reflect.ValueOf(true)) 858 case "MinVersion", "MaxVersion": 859 f.Set(reflect.ValueOf(uint16(VersionTLS12))) 860 case "SessionTicketKey": 861 f.Set(reflect.ValueOf([32]byte{})) 862 case "CipherSuites": 863 f.Set(reflect.ValueOf([]uint16{1, 2})) 864 case "CurvePreferences": 865 f.Set(reflect.ValueOf([]CurveID{CurveP256})) 866 case "Renegotiation": 867 f.Set(reflect.ValueOf(RenegotiateOnceAsClient)) 868 case "mutex", "autoSessionTicketKeys", "sessionTicketKeys": 869 continue // these are unexported fields that are handled separately 870 default: 871 t.Errorf("all fields must be accounted for, but saw unknown field %q", fn) 872 } 873 } 874 // Set the unexported fields related to session ticket keys, which are copied with Clone(). 875 c1.autoSessionTicketKeys = []ticketKey{c1.ticketKeyFromBytes(c1.SessionTicketKey)} 876 c1.sessionTicketKeys = []ticketKey{c1.ticketKeyFromBytes(c1.SessionTicketKey)} 877 878 c2 := c1.Clone() 879 if !reflect.DeepEqual(&c1, c2) { 880 t.Errorf("clone failed to copy a field") 881 } 882 } 883 884 func TestCloneNilConfig(t *testing.T) { 885 var config *Config 886 if cc := config.Clone(); cc != nil { 887 t.Fatalf("Clone with nil should return nil, got: %+v", cc) 888 } 889 } 890 891 // changeImplConn is a net.Conn which can change its Write and Close 892 // methods. 893 type changeImplConn struct { 894 net.Conn 895 writeFunc func([]byte) (int, error) 896 closeFunc func() error 897 } 898 899 func (w *changeImplConn) Write(p []byte) (n int, err error) { 900 if w.writeFunc != nil { 901 return w.writeFunc(p) 902 } 903 return w.Conn.Write(p) 904 } 905 906 func (w *changeImplConn) Close() error { 907 if w.closeFunc != nil { 908 return w.closeFunc() 909 } 910 return w.Conn.Close() 911 } 912 913 func throughput(b *testing.B, version uint16, totalBytes int64, dynamicRecordSizingDisabled bool) { 914 ln := newLocalListener(b) 915 defer ln.Close() 916 917 N := b.N 918 919 // Less than 64KB because Windows appears to use a TCP rwin < 64KB. 920 // See Issue #15899. 921 const bufsize = 32 << 10 922 923 go func() { 924 buf := make([]byte, bufsize) 925 for i := 0; i < N; i++ { 926 sconn, err := ln.Accept() 927 if err != nil { 928 // panic rather than synchronize to avoid benchmark overhead 929 // (cannot call b.Fatal in goroutine) 930 panic(fmt.Errorf("accept: %v", err)) 931 } 932 serverConfig := testConfig.Clone() 933 serverConfig.CipherSuites = nil // the defaults may prefer faster ciphers 934 serverConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled 935 srv := Server(sconn, serverConfig) 936 if err := srv.Handshake(); err != nil { 937 panic(fmt.Errorf("handshake: %v", err)) 938 } 939 if _, err := io.CopyBuffer(srv, srv, buf); err != nil { 940 panic(fmt.Errorf("copy buffer: %v", err)) 941 } 942 } 943 }() 944 945 b.SetBytes(totalBytes) 946 clientConfig := testConfig.Clone() 947 clientConfig.CipherSuites = nil // the defaults may prefer faster ciphers 948 clientConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled 949 clientConfig.MaxVersion = version 950 951 buf := make([]byte, bufsize) 952 chunks := int(math.Ceil(float64(totalBytes) / float64(len(buf)))) 953 for i := 0; i < N; i++ { 954 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 955 if err != nil { 956 b.Fatal(err) 957 } 958 for j := 0; j < chunks; j++ { 959 _, err := conn.Write(buf) 960 if err != nil { 961 b.Fatal(err) 962 } 963 _, err = io.ReadFull(conn, buf) 964 if err != nil { 965 b.Fatal(err) 966 } 967 } 968 conn.Close() 969 } 970 } 971 972 func BenchmarkThroughput(b *testing.B) { 973 for _, mode := range []string{"Max", "Dynamic"} { 974 for size := 1; size <= 64; size <<= 1 { 975 name := fmt.Sprintf("%sPacket/%dMB", mode, size) 976 b.Run(name, func(b *testing.B) { 977 b.Run("TLSv12", func(b *testing.B) { 978 throughput(b, VersionTLS12, int64(size<<20), mode == "Max") 979 }) 980 b.Run("TLSv13", func(b *testing.B) { 981 throughput(b, VersionTLS13, int64(size<<20), mode == "Max") 982 }) 983 }) 984 } 985 } 986 } 987 988 type slowConn struct { 989 net.Conn 990 bps int 991 } 992 993 func (c *slowConn) Write(p []byte) (int, error) { 994 if c.bps == 0 { 995 panic("too slow") 996 } 997 t0 := time.Now() 998 wrote := 0 999 for wrote < len(p) { 1000 time.Sleep(100 * time.Microsecond) 1001 allowed := int(time.Since(t0).Seconds()*float64(c.bps)) / 8 1002 if allowed > len(p) { 1003 allowed = len(p) 1004 } 1005 if wrote < allowed { 1006 n, err := c.Conn.Write(p[wrote:allowed]) 1007 wrote += n 1008 if err != nil { 1009 return wrote, err 1010 } 1011 } 1012 } 1013 return len(p), nil 1014 } 1015 1016 func latency(b *testing.B, version uint16, bps int, dynamicRecordSizingDisabled bool) { 1017 ln := newLocalListener(b) 1018 defer ln.Close() 1019 1020 N := b.N 1021 1022 go func() { 1023 for i := 0; i < N; i++ { 1024 sconn, err := ln.Accept() 1025 if err != nil { 1026 // panic rather than synchronize to avoid benchmark overhead 1027 // (cannot call b.Fatal in goroutine) 1028 panic(fmt.Errorf("accept: %v", err)) 1029 } 1030 serverConfig := testConfig.Clone() 1031 serverConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled 1032 srv := Server(&slowConn{sconn, bps}, serverConfig) 1033 if err := srv.Handshake(); err != nil { 1034 panic(fmt.Errorf("handshake: %v", err)) 1035 } 1036 io.Copy(srv, srv) 1037 } 1038 }() 1039 1040 clientConfig := testConfig.Clone() 1041 clientConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled 1042 clientConfig.MaxVersion = version 1043 1044 buf := make([]byte, 16384) 1045 peek := make([]byte, 1) 1046 1047 for i := 0; i < N; i++ { 1048 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 1049 if err != nil { 1050 b.Fatal(err) 1051 } 1052 // make sure we're connected and previous connection has stopped 1053 if _, err := conn.Write(buf[:1]); err != nil { 1054 b.Fatal(err) 1055 } 1056 if _, err := io.ReadFull(conn, peek); err != nil { 1057 b.Fatal(err) 1058 } 1059 if _, err := conn.Write(buf); err != nil { 1060 b.Fatal(err) 1061 } 1062 if _, err = io.ReadFull(conn, peek); err != nil { 1063 b.Fatal(err) 1064 } 1065 conn.Close() 1066 } 1067 } 1068 1069 func BenchmarkLatency(b *testing.B) { 1070 for _, mode := range []string{"Max", "Dynamic"} { 1071 for _, kbps := range []int{200, 500, 1000, 2000, 5000} { 1072 name := fmt.Sprintf("%sPacket/%dkbps", mode, kbps) 1073 b.Run(name, func(b *testing.B) { 1074 b.Run("TLSv12", func(b *testing.B) { 1075 latency(b, VersionTLS12, kbps*1000, mode == "Max") 1076 }) 1077 b.Run("TLSv13", func(b *testing.B) { 1078 latency(b, VersionTLS13, kbps*1000, mode == "Max") 1079 }) 1080 }) 1081 } 1082 } 1083 } 1084 1085 func TestConnectionStateMarshal(t *testing.T) { 1086 cs := &ConnectionState{} 1087 _, err := json.Marshal(cs) 1088 if err != nil { 1089 t.Errorf("json.Marshal failed on ConnectionState: %v", err) 1090 } 1091 } 1092 1093 func TestConnectionState(t *testing.T) { 1094 issuer, err := x509.ParseCertificate(testRSACertificateIssuer) 1095 if err != nil { 1096 panic(err) 1097 } 1098 rootCAs := x509.NewCertPool() 1099 rootCAs.AddCert(issuer) 1100 1101 now := func() time.Time { return time.Unix(1476984729, 0) } 1102 1103 const alpnProtocol = "golang" 1104 const serverName = "example.golang" 1105 var scts = [][]byte{[]byte("dummy sct 1"), []byte("dummy sct 2")} 1106 var ocsp = []byte("dummy ocsp") 1107 1108 for _, v := range []uint16{VersionTLS12, VersionTLS13} { 1109 var name string 1110 switch v { 1111 case VersionTLS12: 1112 name = "TLSv12" 1113 case VersionTLS13: 1114 name = "TLSv13" 1115 } 1116 t.Run(name, func(t *testing.T) { 1117 config := &Config{ 1118 Time: now, 1119 Rand: zeroSource{}, 1120 Certificates: make([]Certificate, 1), 1121 MaxVersion: v, 1122 RootCAs: rootCAs, 1123 ClientCAs: rootCAs, 1124 ClientAuth: RequireAndVerifyClientCert, 1125 NextProtos: []string{alpnProtocol}, 1126 ServerName: serverName, 1127 } 1128 config.Certificates[0].Certificate = [][]byte{testRSACertificate} 1129 config.Certificates[0].PrivateKey = testRSAPrivateKey 1130 config.Certificates[0].SignedCertificateTimestamps = scts 1131 config.Certificates[0].OCSPStaple = ocsp 1132 1133 ss, cs, err := testHandshake(t, config, config) 1134 if err != nil { 1135 t.Fatalf("Handshake failed: %v", err) 1136 } 1137 1138 if ss.Version != v || cs.Version != v { 1139 t.Errorf("Got versions %x (server) and %x (client), expected %x", ss.Version, cs.Version, v) 1140 } 1141 1142 if !ss.HandshakeComplete || !cs.HandshakeComplete { 1143 t.Errorf("Got HandshakeComplete %v (server) and %v (client), expected true", ss.HandshakeComplete, cs.HandshakeComplete) 1144 } 1145 1146 if ss.DidResume || cs.DidResume { 1147 t.Errorf("Got DidResume %v (server) and %v (client), expected false", ss.DidResume, cs.DidResume) 1148 } 1149 1150 if ss.CipherSuite == 0 || cs.CipherSuite == 0 { 1151 t.Errorf("Got invalid cipher suite: %v (server) and %v (client)", ss.CipherSuite, cs.CipherSuite) 1152 } 1153 1154 if ss.NegotiatedProtocol != alpnProtocol || cs.NegotiatedProtocol != alpnProtocol { 1155 t.Errorf("Got negotiated protocol %q (server) and %q (client), expected %q", ss.NegotiatedProtocol, cs.NegotiatedProtocol, alpnProtocol) 1156 } 1157 1158 if !cs.NegotiatedProtocolIsMutual { 1159 t.Errorf("Got false NegotiatedProtocolIsMutual on the client side") 1160 } 1161 // NegotiatedProtocolIsMutual on the server side is unspecified. 1162 1163 if ss.ServerName != serverName { 1164 t.Errorf("Got server name %q, expected %q", ss.ServerName, serverName) 1165 } 1166 if cs.ServerName != serverName { 1167 t.Errorf("Got server name on client connection %q, expected %q", cs.ServerName, serverName) 1168 } 1169 1170 if len(ss.PeerCertificates) != 1 || len(cs.PeerCertificates) != 1 { 1171 t.Errorf("Got %d (server) and %d (client) peer certificates, expected %d", len(ss.PeerCertificates), len(cs.PeerCertificates), 1) 1172 } 1173 1174 if len(ss.VerifiedChains) != 1 || len(cs.VerifiedChains) != 1 { 1175 t.Errorf("Got %d (server) and %d (client) verified chains, expected %d", len(ss.VerifiedChains), len(cs.VerifiedChains), 1) 1176 } else if len(ss.VerifiedChains[0]) != 2 || len(cs.VerifiedChains[0]) != 2 { 1177 t.Errorf("Got %d (server) and %d (client) long verified chain, expected %d", len(ss.VerifiedChains[0]), len(cs.VerifiedChains[0]), 2) 1178 } 1179 1180 if len(cs.SignedCertificateTimestamps) != 2 { 1181 t.Errorf("Got %d SCTs, expected %d", len(cs.SignedCertificateTimestamps), 2) 1182 } 1183 if !bytes.Equal(cs.OCSPResponse, ocsp) { 1184 t.Errorf("Got OCSPs %x, expected %x", cs.OCSPResponse, ocsp) 1185 } 1186 // Only TLS 1.3 supports OCSP and SCTs on client certs. 1187 if v == VersionTLS13 { 1188 if len(ss.SignedCertificateTimestamps) != 2 { 1189 t.Errorf("Got %d client SCTs, expected %d", len(ss.SignedCertificateTimestamps), 2) 1190 } 1191 if !bytes.Equal(ss.OCSPResponse, ocsp) { 1192 t.Errorf("Got client OCSPs %x, expected %x", ss.OCSPResponse, ocsp) 1193 } 1194 } 1195 1196 if v == VersionTLS13 { 1197 if ss.TLSUnique != nil || cs.TLSUnique != nil { 1198 t.Errorf("Got TLSUnique %x (server) and %x (client), expected nil in TLS 1.3", ss.TLSUnique, cs.TLSUnique) 1199 } 1200 } else { 1201 if ss.TLSUnique == nil || cs.TLSUnique == nil { 1202 t.Errorf("Got TLSUnique %x (server) and %x (client), expected non-nil", ss.TLSUnique, cs.TLSUnique) 1203 } 1204 } 1205 }) 1206 } 1207 } 1208 1209 // Issue 28744: Ensure that we don't modify memory 1210 // that Config doesn't own such as Certificates. 1211 func TestBuildNameToCertificate_doesntModifyCertificates(t *testing.T) { 1212 c0 := Certificate{ 1213 Certificate: [][]byte{testRSACertificate}, 1214 PrivateKey: testRSAPrivateKey, 1215 } 1216 c1 := Certificate{ 1217 Certificate: [][]byte{testSNICertificate}, 1218 PrivateKey: testRSAPrivateKey, 1219 } 1220 config := testConfig.Clone() 1221 config.Certificates = []Certificate{c0, c1} 1222 1223 config.BuildNameToCertificate() 1224 got := config.Certificates 1225 want := []Certificate{c0, c1} 1226 if !reflect.DeepEqual(got, want) { 1227 t.Fatalf("Certificates were mutated by BuildNameToCertificate\nGot: %#v\nWant: %#v\n", got, want) 1228 } 1229 } 1230 1231 func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") } 1232 1233 func TestClientHelloInfo_SupportsCertificate(t *testing.T) { 1234 rsaCert := &Certificate{ 1235 Certificate: [][]byte{testRSACertificate}, 1236 PrivateKey: testRSAPrivateKey, 1237 } 1238 pkcs1Cert := &Certificate{ 1239 Certificate: [][]byte{testRSACertificate}, 1240 PrivateKey: testRSAPrivateKey, 1241 SupportedSignatureAlgorithms: []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256}, 1242 } 1243 ecdsaCert := &Certificate{ 1244 // ECDSA P-256 certificate 1245 Certificate: [][]byte{testP256Certificate}, 1246 PrivateKey: testP256PrivateKey, 1247 } 1248 ed25519Cert := &Certificate{ 1249 Certificate: [][]byte{testEd25519Certificate}, 1250 PrivateKey: testEd25519PrivateKey, 1251 } 1252 1253 tests := []struct { 1254 c *Certificate 1255 chi *ClientHelloInfo 1256 wantErr string 1257 }{ 1258 {rsaCert, &ClientHelloInfo{ 1259 ServerName: "example.golang", 1260 SignatureSchemes: []SignatureScheme{PSSWithSHA256}, 1261 SupportedVersions: []uint16{VersionTLS13}, 1262 }, ""}, 1263 {ecdsaCert, &ClientHelloInfo{ 1264 SignatureSchemes: []SignatureScheme{PSSWithSHA256, ECDSAWithP256AndSHA256}, 1265 SupportedVersions: []uint16{VersionTLS13, VersionTLS12}, 1266 }, ""}, 1267 {rsaCert, &ClientHelloInfo{ 1268 ServerName: "example.com", 1269 SignatureSchemes: []SignatureScheme{PSSWithSHA256}, 1270 SupportedVersions: []uint16{VersionTLS13}, 1271 }, "not valid for requested server name"}, 1272 {ecdsaCert, &ClientHelloInfo{ 1273 SignatureSchemes: []SignatureScheme{ECDSAWithP384AndSHA384}, 1274 SupportedVersions: []uint16{VersionTLS13}, 1275 }, "signature algorithms"}, 1276 {pkcs1Cert, &ClientHelloInfo{ 1277 SignatureSchemes: []SignatureScheme{PSSWithSHA256, ECDSAWithP256AndSHA256}, 1278 SupportedVersions: []uint16{VersionTLS13}, 1279 }, "signature algorithms"}, 1280 1281 {rsaCert, &ClientHelloInfo{ 1282 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, 1283 SignatureSchemes: []SignatureScheme{PKCS1WithSHA1}, 1284 SupportedVersions: []uint16{VersionTLS13, VersionTLS12}, 1285 }, "signature algorithms"}, 1286 {rsaCert, &ClientHelloInfo{ 1287 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, 1288 SignatureSchemes: []SignatureScheme{PKCS1WithSHA1}, 1289 SupportedVersions: []uint16{VersionTLS13, VersionTLS12}, 1290 config: &Config{ 1291 MaxVersion: VersionTLS12, 1292 }, 1293 }, ""}, // Check that mutual version selection works. 1294 1295 {ecdsaCert, &ClientHelloInfo{ 1296 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, 1297 SupportedCurves: []CurveID{CurveP256}, 1298 SupportedPoints: []uint8{pointFormatUncompressed}, 1299 SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256}, 1300 SupportedVersions: []uint16{VersionTLS12}, 1301 }, ""}, 1302 {ecdsaCert, &ClientHelloInfo{ 1303 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, 1304 SupportedCurves: []CurveID{CurveP256}, 1305 SupportedPoints: []uint8{pointFormatUncompressed}, 1306 SignatureSchemes: []SignatureScheme{ECDSAWithP384AndSHA384}, 1307 SupportedVersions: []uint16{VersionTLS12}, 1308 }, ""}, // TLS 1.2 does not restrict curves based on the SignatureScheme. 1309 {ecdsaCert, &ClientHelloInfo{ 1310 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, 1311 SupportedCurves: []CurveID{CurveP256}, 1312 SupportedPoints: []uint8{pointFormatUncompressed}, 1313 SignatureSchemes: nil, 1314 SupportedVersions: []uint16{VersionTLS12}, 1315 }, ""}, // TLS 1.2 comes with default signature schemes. 1316 {ecdsaCert, &ClientHelloInfo{ 1317 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, 1318 SupportedCurves: []CurveID{CurveP256}, 1319 SupportedPoints: []uint8{pointFormatUncompressed}, 1320 SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256}, 1321 SupportedVersions: []uint16{VersionTLS12}, 1322 }, "cipher suite"}, 1323 {ecdsaCert, &ClientHelloInfo{ 1324 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, 1325 SupportedCurves: []CurveID{CurveP256}, 1326 SupportedPoints: []uint8{pointFormatUncompressed}, 1327 SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256}, 1328 SupportedVersions: []uint16{VersionTLS12}, 1329 config: &Config{ 1330 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, 1331 }, 1332 }, "cipher suite"}, 1333 {ecdsaCert, &ClientHelloInfo{ 1334 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, 1335 SupportedCurves: []CurveID{CurveP384}, 1336 SupportedPoints: []uint8{pointFormatUncompressed}, 1337 SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256}, 1338 SupportedVersions: []uint16{VersionTLS12}, 1339 }, "certificate curve"}, 1340 {ecdsaCert, &ClientHelloInfo{ 1341 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, 1342 SupportedCurves: []CurveID{CurveP256}, 1343 SupportedPoints: []uint8{1}, 1344 SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256}, 1345 SupportedVersions: []uint16{VersionTLS12}, 1346 }, "doesn't support ECDHE"}, 1347 {ecdsaCert, &ClientHelloInfo{ 1348 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, 1349 SupportedCurves: []CurveID{CurveP256}, 1350 SupportedPoints: []uint8{pointFormatUncompressed}, 1351 SignatureSchemes: []SignatureScheme{PSSWithSHA256}, 1352 SupportedVersions: []uint16{VersionTLS12}, 1353 }, "signature algorithms"}, 1354 1355 {ed25519Cert, &ClientHelloInfo{ 1356 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, 1357 SupportedCurves: []CurveID{CurveP256}, // only relevant for ECDHE support 1358 SupportedPoints: []uint8{pointFormatUncompressed}, 1359 SignatureSchemes: []SignatureScheme{Ed25519}, 1360 SupportedVersions: []uint16{VersionTLS12}, 1361 }, ""}, 1362 {ed25519Cert, &ClientHelloInfo{ 1363 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, 1364 SupportedCurves: []CurveID{CurveP256}, // only relevant for ECDHE support 1365 SupportedPoints: []uint8{pointFormatUncompressed}, 1366 SignatureSchemes: []SignatureScheme{Ed25519}, 1367 SupportedVersions: []uint16{VersionTLS10}, 1368 }, "doesn't support Ed25519"}, 1369 {ed25519Cert, &ClientHelloInfo{ 1370 CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, 1371 SupportedCurves: []CurveID{}, 1372 SupportedPoints: []uint8{pointFormatUncompressed}, 1373 SignatureSchemes: []SignatureScheme{Ed25519}, 1374 SupportedVersions: []uint16{VersionTLS12}, 1375 }, "doesn't support ECDHE"}, 1376 1377 {rsaCert, &ClientHelloInfo{ 1378 CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, 1379 SupportedCurves: []CurveID{CurveP256}, // only relevant for ECDHE support 1380 SupportedPoints: []uint8{pointFormatUncompressed}, 1381 SupportedVersions: []uint16{VersionTLS10}, 1382 }, ""}, 1383 {rsaCert, &ClientHelloInfo{ 1384 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, 1385 SupportedVersions: []uint16{VersionTLS12}, 1386 }, ""}, // static RSA fallback 1387 } 1388 for i, tt := range tests { 1389 err := tt.chi.SupportsCertificate(tt.c) 1390 switch { 1391 case tt.wantErr == "" && err != nil: 1392 t.Errorf("%d: unexpected error: %v", i, err) 1393 case tt.wantErr != "" && err == nil: 1394 t.Errorf("%d: unexpected success", i) 1395 case tt.wantErr != "" && !strings.Contains(err.Error(), tt.wantErr): 1396 t.Errorf("%d: got error %q, expected %q", i, err, tt.wantErr) 1397 } 1398 } 1399 } 1400 1401 func TestCipherSuites(t *testing.T) { 1402 var lastID uint16 1403 for _, c := range CipherSuites() { 1404 if lastID > c.ID { 1405 t.Errorf("CipherSuites are not ordered by ID: got %#04x after %#04x", c.ID, lastID) 1406 } else { 1407 lastID = c.ID 1408 } 1409 1410 if c.Insecure { 1411 t.Errorf("%#04x: Insecure CipherSuite returned by CipherSuites()", c.ID) 1412 } 1413 } 1414 lastID = 0 1415 for _, c := range InsecureCipherSuites() { 1416 if lastID > c.ID { 1417 t.Errorf("InsecureCipherSuites are not ordered by ID: got %#04x after %#04x", c.ID, lastID) 1418 } else { 1419 lastID = c.ID 1420 } 1421 1422 if !c.Insecure { 1423 t.Errorf("%#04x: not Insecure CipherSuite returned by InsecureCipherSuites()", c.ID) 1424 } 1425 } 1426 1427 CipherSuiteByID := func(id uint16) *CipherSuite { 1428 for _, c := range CipherSuites() { 1429 if c.ID == id { 1430 return c 1431 } 1432 } 1433 for _, c := range InsecureCipherSuites() { 1434 if c.ID == id { 1435 return c 1436 } 1437 } 1438 return nil 1439 } 1440 1441 for _, c := range cipherSuites { 1442 cc := CipherSuiteByID(c.id) 1443 if cc == nil { 1444 t.Errorf("%#04x: no CipherSuite entry", c.id) 1445 continue 1446 } 1447 1448 if tls12Only := c.flags&suiteTLS12 != 0; tls12Only && len(cc.SupportedVersions) != 1 { 1449 t.Errorf("%#04x: suite is TLS 1.2 only, but SupportedVersions is %v", c.id, cc.SupportedVersions) 1450 } else if !tls12Only && len(cc.SupportedVersions) != 3 { 1451 t.Errorf("%#04x: suite TLS 1.0-1.2, but SupportedVersions is %v", c.id, cc.SupportedVersions) 1452 } 1453 1454 if got := CipherSuiteName(c.id); got != cc.Name { 1455 t.Errorf("%#04x: unexpected CipherSuiteName: got %q, expected %q", c.id, got, cc.Name) 1456 } 1457 } 1458 for _, c := range cipherSuitesTLS13 { 1459 cc := CipherSuiteByID(c.id) 1460 if cc == nil { 1461 t.Errorf("%#04x: no CipherSuite entry", c.id) 1462 continue 1463 } 1464 1465 if cc.Insecure { 1466 t.Errorf("%#04x: Insecure %v, expected false", c.id, cc.Insecure) 1467 } 1468 if len(cc.SupportedVersions) != 1 || cc.SupportedVersions[0] != VersionTLS13 { 1469 t.Errorf("%#04x: suite is TLS 1.3 only, but SupportedVersions is %v", c.id, cc.SupportedVersions) 1470 } 1471 1472 if got := CipherSuiteName(c.id); got != cc.Name { 1473 t.Errorf("%#04x: unexpected CipherSuiteName: got %q, expected %q", c.id, got, cc.Name) 1474 } 1475 } 1476 1477 if got := CipherSuiteName(0xabc); got != "0x0ABC" { 1478 t.Errorf("unexpected fallback CipherSuiteName: got %q, expected 0x0ABC", got) 1479 } 1480 1481 if len(cipherSuitesPreferenceOrder) != len(cipherSuites) { 1482 t.Errorf("cipherSuitesPreferenceOrder is not the same size as cipherSuites") 1483 } 1484 if len(cipherSuitesPreferenceOrderNoAES) != len(cipherSuitesPreferenceOrder) { 1485 t.Errorf("cipherSuitesPreferenceOrderNoAES is not the same size as cipherSuitesPreferenceOrder") 1486 } 1487 1488 // Check that disabled suites are at the end of the preference lists, and 1489 // that they are marked insecure. 1490 for i, id := range disabledCipherSuites { 1491 offset := len(cipherSuitesPreferenceOrder) - len(disabledCipherSuites) 1492 if cipherSuitesPreferenceOrder[offset+i] != id { 1493 t.Errorf("disabledCipherSuites[%d]: not at the end of cipherSuitesPreferenceOrder", i) 1494 } 1495 if cipherSuitesPreferenceOrderNoAES[offset+i] != id { 1496 t.Errorf("disabledCipherSuites[%d]: not at the end of cipherSuitesPreferenceOrderNoAES", i) 1497 } 1498 c := CipherSuiteByID(id) 1499 if c == nil { 1500 t.Errorf("%#04x: no CipherSuite entry", id) 1501 continue 1502 } 1503 if !c.Insecure { 1504 t.Errorf("%#04x: disabled by default but not marked insecure", id) 1505 } 1506 } 1507 1508 for i, prefOrder := range [][]uint16{cipherSuitesPreferenceOrder, cipherSuitesPreferenceOrderNoAES} { 1509 // Check that insecure and HTTP/2 bad cipher suites are at the end of 1510 // the preference lists. 1511 var sawInsecure, sawBad bool 1512 for _, id := range prefOrder { 1513 c := CipherSuiteByID(id) 1514 if c == nil { 1515 t.Errorf("%#04x: no CipherSuite entry", id) 1516 continue 1517 } 1518 1519 if c.Insecure { 1520 sawInsecure = true 1521 } else if sawInsecure { 1522 t.Errorf("%#04x: secure suite after insecure one(s)", id) 1523 } 1524 1525 if http2isBadCipher(id) { 1526 sawBad = true 1527 } else if sawBad { 1528 t.Errorf("%#04x: non-bad suite after bad HTTP/2 one(s)", id) 1529 } 1530 } 1531 1532 // Check that the list is sorted according to the documented criteria. 1533 isBetter := func(a, b int) bool { 1534 aSuite, bSuite := cipherSuiteByID(prefOrder[a]), cipherSuiteByID(prefOrder[b]) 1535 aName, bName := CipherSuiteName(prefOrder[a]), CipherSuiteName(prefOrder[b]) 1536 // * < RC4 1537 if !strings.Contains(aName, "RC4") && strings.Contains(bName, "RC4") { 1538 return true 1539 } else if strings.Contains(aName, "RC4") && !strings.Contains(bName, "RC4") { 1540 return false 1541 } 1542 // * < CBC_SHA256 1543 if !strings.Contains(aName, "CBC_SHA256") && strings.Contains(bName, "CBC_SHA256") { 1544 return true 1545 } else if strings.Contains(aName, "CBC_SHA256") && !strings.Contains(bName, "CBC_SHA256") { 1546 return false 1547 } 1548 // * < 3DES 1549 if !strings.Contains(aName, "3DES") && strings.Contains(bName, "3DES") { 1550 return true 1551 } else if strings.Contains(aName, "3DES") && !strings.Contains(bName, "3DES") { 1552 return false 1553 } 1554 // ECDHE < * 1555 if aSuite.flags&suiteECDHE != 0 && bSuite.flags&suiteECDHE == 0 { 1556 return true 1557 } else if aSuite.flags&suiteECDHE == 0 && bSuite.flags&suiteECDHE != 0 { 1558 return false 1559 } 1560 // AEAD < CBC 1561 if aSuite.aead != nil && bSuite.aead == nil { 1562 return true 1563 } else if aSuite.aead == nil && bSuite.aead != nil { 1564 return false 1565 } 1566 // AES < ChaCha20 1567 if strings.Contains(aName, "AES") && strings.Contains(bName, "CHACHA20") { 1568 return i == 0 // true for cipherSuitesPreferenceOrder 1569 } else if strings.Contains(aName, "CHACHA20") && strings.Contains(bName, "AES") { 1570 return i != 0 // true for cipherSuitesPreferenceOrderNoAES 1571 } 1572 // AES-128 < AES-256 1573 if strings.Contains(aName, "AES_128") && strings.Contains(bName, "AES_256") { 1574 return true 1575 } else if strings.Contains(aName, "AES_256") && strings.Contains(bName, "AES_128") { 1576 return false 1577 } 1578 // ECDSA < RSA 1579 if aSuite.flags&suiteECSign != 0 && bSuite.flags&suiteECSign == 0 { 1580 return true 1581 } else if aSuite.flags&suiteECSign == 0 && bSuite.flags&suiteECSign != 0 { 1582 return false 1583 } 1584 t.Fatalf("two ciphersuites are equal by all criteria: %v and %v", aName, bName) 1585 panic("unreachable") 1586 } 1587 if !sort.SliceIsSorted(prefOrder, isBetter) { 1588 t.Error("preference order is not sorted according to the rules") 1589 } 1590 } 1591 } 1592 1593 func TestVersionName(t *testing.T) { 1594 if got, exp := VersionName(VersionTLS13), "TLS 1.3"; got != exp { 1595 t.Errorf("unexpected VersionName: got %q, expected %q", got, exp) 1596 } 1597 if got, exp := VersionName(0x12a), "0x012A"; got != exp { 1598 t.Errorf("unexpected fallback VersionName: got %q, expected %q", got, exp) 1599 } 1600 } 1601 1602 // http2isBadCipher is copied from net/http. 1603 // TODO: if it ends up exposed somewhere, use that instead. 1604 func http2isBadCipher(cipher uint16) bool { 1605 switch cipher { 1606 case TLS_RSA_WITH_RC4_128_SHA, 1607 TLS_RSA_WITH_3DES_EDE_CBC_SHA, 1608 TLS_RSA_WITH_AES_128_CBC_SHA, 1609 TLS_RSA_WITH_AES_256_CBC_SHA, 1610 TLS_RSA_WITH_AES_128_CBC_SHA256, 1611 TLS_RSA_WITH_AES_128_GCM_SHA256, 1612 TLS_RSA_WITH_AES_256_GCM_SHA384, 1613 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 1614 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1615 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1616 TLS_ECDHE_RSA_WITH_RC4_128_SHA, 1617 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 1618 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1619 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1620 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 1621 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: 1622 return true 1623 default: 1624 return false 1625 } 1626 } 1627 1628 type brokenSigner struct{ crypto.Signer } 1629 1630 func (s brokenSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) { 1631 // Replace opts with opts.HashFunc(), so rsa.PSSOptions are discarded. 1632 return s.Signer.Sign(rand, digest, opts.HashFunc()) 1633 } 1634 1635 // TestPKCS1OnlyCert uses a client certificate with a broken crypto.Signer that 1636 // always makes PKCS #1 v1.5 signatures, so can't be used with RSA-PSS. 1637 func TestPKCS1OnlyCert(t *testing.T) { 1638 clientConfig := testConfig.Clone() 1639 clientConfig.Certificates = []Certificate{{ 1640 Certificate: [][]byte{testRSACertificate}, 1641 PrivateKey: brokenSigner{testRSAPrivateKey}, 1642 }} 1643 serverConfig := testConfig.Clone() 1644 serverConfig.MaxVersion = VersionTLS12 // TLS 1.3 doesn't support PKCS #1 v1.5 1645 serverConfig.ClientAuth = RequireAnyClientCert 1646 1647 // If RSA-PSS is selected, the handshake should fail. 1648 if _, _, err := testHandshake(t, clientConfig, serverConfig); err == nil { 1649 t.Fatal("expected broken certificate to cause connection to fail") 1650 } 1651 1652 clientConfig.Certificates[0].SupportedSignatureAlgorithms = 1653 []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256} 1654 1655 // But if the certificate restricts supported algorithms, RSA-PSS should not 1656 // be selected, and the handshake should succeed. 1657 if _, _, err := testHandshake(t, clientConfig, serverConfig); err != nil { 1658 t.Error(err) 1659 } 1660 } 1661 1662 func TestVerifyCertificates(t *testing.T) { 1663 // See https://go.dev/issue/31641. 1664 t.Run("TLSv12", func(t *testing.T) { testVerifyCertificates(t, VersionTLS12) }) 1665 t.Run("TLSv13", func(t *testing.T) { testVerifyCertificates(t, VersionTLS13) }) 1666 } 1667 1668 func testVerifyCertificates(t *testing.T, version uint16) { 1669 tests := []struct { 1670 name string 1671 1672 InsecureSkipVerify bool 1673 ClientAuth ClientAuthType 1674 ClientCertificates bool 1675 }{ 1676 { 1677 name: "defaults", 1678 }, 1679 { 1680 name: "InsecureSkipVerify", 1681 InsecureSkipVerify: true, 1682 }, 1683 { 1684 name: "RequestClientCert with no certs", 1685 ClientAuth: RequestClientCert, 1686 }, 1687 { 1688 name: "RequestClientCert with certs", 1689 ClientAuth: RequestClientCert, 1690 ClientCertificates: true, 1691 }, 1692 { 1693 name: "RequireAnyClientCert", 1694 ClientAuth: RequireAnyClientCert, 1695 ClientCertificates: true, 1696 }, 1697 { 1698 name: "VerifyClientCertIfGiven with no certs", 1699 ClientAuth: VerifyClientCertIfGiven, 1700 }, 1701 { 1702 name: "VerifyClientCertIfGiven with certs", 1703 ClientAuth: VerifyClientCertIfGiven, 1704 ClientCertificates: true, 1705 }, 1706 { 1707 name: "RequireAndVerifyClientCert", 1708 ClientAuth: RequireAndVerifyClientCert, 1709 ClientCertificates: true, 1710 }, 1711 } 1712 1713 issuer, err := x509.ParseCertificate(testRSACertificateIssuer) 1714 if err != nil { 1715 t.Fatal(err) 1716 } 1717 rootCAs := x509.NewCertPool() 1718 rootCAs.AddCert(issuer) 1719 1720 for _, test := range tests { 1721 test := test 1722 t.Run(test.name, func(t *testing.T) { 1723 t.Parallel() 1724 1725 var serverVerifyConnection, clientVerifyConnection bool 1726 var serverVerifyPeerCertificates, clientVerifyPeerCertificates bool 1727 1728 clientConfig := testConfig.Clone() 1729 clientConfig.Time = func() time.Time { return time.Unix(1476984729, 0) } 1730 clientConfig.MaxVersion = version 1731 clientConfig.MinVersion = version 1732 clientConfig.RootCAs = rootCAs 1733 clientConfig.ServerName = "example.golang" 1734 clientConfig.ClientSessionCache = NewLRUClientSessionCache(1) 1735 serverConfig := clientConfig.Clone() 1736 serverConfig.ClientCAs = rootCAs 1737 1738 clientConfig.VerifyConnection = func(cs ConnectionState) error { 1739 clientVerifyConnection = true 1740 return nil 1741 } 1742 clientConfig.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { 1743 clientVerifyPeerCertificates = true 1744 return nil 1745 } 1746 serverConfig.VerifyConnection = func(cs ConnectionState) error { 1747 serverVerifyConnection = true 1748 return nil 1749 } 1750 serverConfig.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { 1751 serverVerifyPeerCertificates = true 1752 return nil 1753 } 1754 1755 clientConfig.InsecureSkipVerify = test.InsecureSkipVerify 1756 serverConfig.ClientAuth = test.ClientAuth 1757 if !test.ClientCertificates { 1758 clientConfig.Certificates = nil 1759 } 1760 1761 if _, _, err := testHandshake(t, clientConfig, serverConfig); err != nil { 1762 t.Fatal(err) 1763 } 1764 1765 want := serverConfig.ClientAuth != NoClientCert 1766 if serverVerifyPeerCertificates != want { 1767 t.Errorf("VerifyPeerCertificates on the server: got %v, want %v", 1768 serverVerifyPeerCertificates, want) 1769 } 1770 if !clientVerifyPeerCertificates { 1771 t.Errorf("VerifyPeerCertificates not called on the client") 1772 } 1773 if !serverVerifyConnection { 1774 t.Error("VerifyConnection did not get called on the server") 1775 } 1776 if !clientVerifyConnection { 1777 t.Error("VerifyConnection did not get called on the client") 1778 } 1779 1780 serverVerifyPeerCertificates, clientVerifyPeerCertificates = false, false 1781 serverVerifyConnection, clientVerifyConnection = false, false 1782 cs, _, err := testHandshake(t, clientConfig, serverConfig) 1783 if err != nil { 1784 t.Fatal(err) 1785 } 1786 if !cs.DidResume { 1787 t.Error("expected resumption") 1788 } 1789 1790 if serverVerifyPeerCertificates { 1791 t.Error("VerifyPeerCertificates got called on the server on resumption") 1792 } 1793 if clientVerifyPeerCertificates { 1794 t.Error("VerifyPeerCertificates got called on the client on resumption") 1795 } 1796 if !serverVerifyConnection { 1797 t.Error("VerifyConnection did not get called on the server on resumption") 1798 } 1799 if !clientVerifyConnection { 1800 t.Error("VerifyConnection did not get called on the client on resumption") 1801 } 1802 }) 1803 } 1804 }