15 package transport
16
17 import (
18 "crypto/tls"
19 "net/http"
20 "strings"
21 "testing"
22 "time"
23 )
24
25
26
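// TestNewTransportTLSInvalidCipherSuitesTLS12 verifies that a TLS 1.2
// handshake is rejected when the server and the client are configured with
// disjoint cipher suite lists: the server gets the first two suites of the
// list below and the client gets the remaining four, so no suite is shared.
//
// The client is capped at TLS 1.2 because crypto/tls does not apply
// Config.CipherSuites to TLS 1.3; without the cap the handshake could
// negotiate TLS 1.3 and the restriction under test would not be exercised.
func TestNewTransportTLSInvalidCipherSuitesTLS12(t *testing.T) {
	tlsInfo, del, err := createSelfCert()
	if err != nil {
		t.Fatalf("unable to create cert: %v", err)
	}
	defer del()

	cipherSuites := []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	}

	// Copy the TLS settings so each side can carry its own suite list; the
	// two sub-slices do not overlap, which is what makes negotiation fail.
	srvTLS, cliTLS := *tlsInfo, *tlsInfo
	srvTLS.CipherSuites, cliTLS.CipherSuites = cipherSuites[:2], cipherSuites[2:]

	ln, err := NewListener("127.0.0.1:0", "https", &srvTLS)
	if err != nil {
		t.Fatalf("unexpected NewListener error: %v", err)
	}
	defer ln.Close()

	donec := make(chan struct{})
	go func() {
		// The result is deliberately ignored: the assertion lives on the
		// client side, and Accept is expected to return once the client
		// goroutine closes the listener.
		ln.Accept()
		donec <- struct{}{}
	}()
	go func() {
		// Close the listener and signal completion on every exit path, so
		// an early return cannot leave the Accept goroutine or the test
		// body blocked.
		defer func() {
			ln.Close()
			donec <- struct{}{}
		}()

		tr, err := NewTransport(cliTLS, 3*time.Second)
		if err != nil {
			// Check the error before touching tr: dereferencing it first
			// would panic on a nil transport and hide the real failure.
			t.Errorf("unexpected NewTransport error: %v", err)
			return
		}
		tr.TLSClientConfig.MaxVersion = tls.VersionTLS12

		cli := &http.Client{Transport: tr}
		resp, gerr := cli.Get("https://" + ln.Addr().String())
		if gerr == nil {
			// An unexpected success still has to release the connection.
			resp.Body.Close()
		}
		if gerr == nil || !strings.Contains(gerr.Error(), "tls: handshake failure") {
			t.Error("expected client TLS handshake error")
		}
	}()
	<-donec
	<-donec
}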