go.etcd.io/etcd@v3.3.27+incompatible/pkg/transport/transport_test.go (about)

     1  // Copyright 2018 The etcd Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package transport
    16  
    17  import (
    18  	"crypto/tls"
    19  	"net/http"
    20  	"strings"
    21  	"testing"
    22  	"time"
    23  )
    24  
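// TestNewTransportTLSInvalidCipherSuites checks that a client whose cipher
// suite list has no entry in common with the server's list cannot complete a
// TLS handshake. It is a negative test: a configured cipher-suite restriction
// must cause the connection to be refused, not be silently ignored.
//
// NOTE(review): crypto/tls applies Config.CipherSuites only to TLS 1.0-1.2;
// TLS 1.3 suites are not configurable. If both sides can negotiate TLS 1.3 the
// handshake would succeed despite the disjoint lists, so confirm that the
// configuration built from TLSInfo caps the protocol version at TLS 1.2.
func TestNewTransportTLSInvalidCipherSuites(t *testing.T) {
	tlsInfo, del, err := createSelfCert()
	if err != nil {
		t.Fatalf("unable to create cert: %v", err)
	}
	defer del()

	cipherSuites := []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	}

	// Give server and client disjoint cipher suite lists: the server gets the
	// first two entries, the client the remaining four.
	srvTLS, cliTLS := *tlsInfo, *tlsInfo
	srvTLS.CipherSuites, cliTLS.CipherSuites = cipherSuites[:2], cipherSuites[2:]

	ln, err := NewListener("127.0.0.1:0", "https", &srvTLS)
	if err != nil {
		t.Fatalf("unexpected NewListener error: %v", err)
	}
	defer ln.Close()

	donec := make(chan struct{})
	go func() {
		// The result is deliberately ignored; this goroutine only has to keep
		// the server side accepting until the client goroutine closes ln.
		ln.Accept()
		donec <- struct{}{}
	}()
	go func() {
		// Always close the listener and signal completion, including on the
		// failure paths. Otherwise the Accept goroutine and the receives at
		// the end of the test could block forever.
		defer func() {
			ln.Close()
			donec <- struct{}{}
		}()

		// t.Fatal and t.Fatalf must only be called from the goroutine running
		// the test function, so failures here are reported with t.Error and
		// t.Errorf followed by a plain return.
		tr, err := NewTransport(cliTLS, 3*time.Second)
		if err != nil {
			t.Errorf("unexpected NewTransport error: %v", err)
			return
		}
		cli := &http.Client{Transport: tr}
		resp, gerr := cli.Get("https://" + ln.Addr().String())
		if gerr == nil {
			// The handshake unexpectedly succeeded; release the connection
			// before reporting the failure.
			resp.Body.Close()
			t.Error("expected client TLS handshake error")
			return
		}
		// The alert is matched by its text, which ties this test to the
		// wording crypto/tls uses for the handshake_failure alert.
		if !strings.Contains(gerr.Error(), "tls: handshake failure") {
			t.Errorf("expected client TLS handshake error, got: %v", gerr)
		}
	}()
	<-donec
	<-donec
}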