
  1. // Copyright 2018 The etcd Authors
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. package transport
  15. import (
  16. "crypto/tls"
  17. "net/http"
  18. "strings"
  19. "testing"
  20. "time"
  21. )
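// TestNewTransportTLSInvalidCipherSuitesTLS12 expects a client with invalid
// cipher suites to fail to handshake with the server.
//
// Server and client are given disjoint CipherSuites lists, so no suite can be
// negotiated and the client's TLS 1.2 handshake must fail. The listener is
// closed and both goroutines signal donec on every exit path, so a setup
// failure inside a goroutine reports an error instead of deadlocking the test.
func TestNewTransportTLSInvalidCipherSuitesTLS12(t *testing.T) {
	tlsInfo, del, err := createSelfCert()
	if err != nil {
		t.Fatalf("unable to create cert: %v", err)
	}
	defer del()

	cipherSuites := []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	}

	// make server and client have unmatched cipher suites
	srvTLS, cliTLS := *tlsInfo, *tlsInfo
	srvTLS.CipherSuites, cliTLS.CipherSuites = cipherSuites[:2], cipherSuites[2:]

	ln, err := NewListener("127.0.0.1:0", "https", &srvTLS)
	if err != nil {
		t.Fatalf("unexpected NewListener error: %v", err)
	}
	defer ln.Close()

	donec := make(chan struct{})

	// Server side: a single Accept that returns once the client goroutine
	// closes the listener. Any connection it does hand back is closed so the
	// test leaks nothing if a handshake unexpectedly gets that far.
	go func() {
		defer func() { donec <- struct{}{} }()
		if c, aerr := ln.Accept(); aerr == nil {
			c.Close()
		}
	}()

	// Client side.
	go func() {
		// Closing the listener here unblocks the Accept goroutine on every
		// exit path, including the early return below; the original code
		// would have deadlocked on donec had NewTransport failed.
		defer func() {
			ln.Close()
			donec <- struct{}{}
		}()

		tr, terr := NewTransport(cliTLS, 3*time.Second)
		if terr != nil {
			// t.Fatalf may only be called from the test goroutine, so report
			// and return rather than dereferencing a nil transport below.
			t.Errorf("unexpected NewTransport error: %v", terr)
			return
		}
		// Cipher suites are only negotiable in TLS 1.2 and earlier (TLS 1.3
		// suites are not configurable via CipherSuites), so cap the version to
		// make the mismatch observable as a handshake failure.
		tr.TLSClientConfig.MaxVersion = tls.VersionTLS12

		cli := &http.Client{Transport: tr}
		resp, gerr := cli.Get("https://" + ln.Addr().String())
		if resp != nil {
			// Only reached if the handshake unexpectedly succeeded; still
			// release the body so the connection is not leaked.
			resp.Body.Close()
		}
		if gerr == nil || !strings.Contains(gerr.Error(), "tls: handshake failure") {
			t.Error("expected client TLS handshake error")
		}
	}()

	<-donec
	<-donec
}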