diff --git a/.circleci/config.yml b/.circleci/config.yml index 47e37632..c1858867 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,13 +8,11 @@ defaults: &defaults go get -t ./... go get github.com/onsi/ginkgo/ginkgo go get github.com/onsi/gomega - echo 127.0.0.1 quic.clemente.io | sudo tee -a /etc/hosts - run: name: "Build infos" command: | echo $GOARCH go version - printf "quic.clemente.io certificate valid until: " && openssl x509 -in example/fullchain.pem -enddate -noout | cut -d = -f 2 - run: name: "Run benchmark tests" command: ginkgo -randomizeAllSpecs -trace benchmark -- -samples=1 diff --git a/.travis.yml b/.travis.yml index 059be883..eefceecd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,10 +1,6 @@ dist: trusty group: travis_latest -addons: - hosts: - - quic.clemente.io - language: go go: @@ -41,7 +37,6 @@ before_install: - go get github.com/onsi/gomega - export GOARCH=$TRAVIS_GOARCH - go env # for debugging - - "printf \"quic.clemente.io certificate valid until: \" && openssl x509 -in example/fullchain.pem -enddate -noout | cut -d = -f 2" - "export DISPLAY=:99.0" - "Xvfb $DISPLAY &> /dev/null &" diff --git a/appveyor.yml b/appveyor.yml index b9fe526f..5e44d002 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -10,9 +10,6 @@ environment: - GOARCH: 386 - GOARCH: amd64 -hosts: - quic.clemente.io: 127.0.0.1 - clone_folder: c:\gopath\src\github.com\lucas-clemente\quic-go install: diff --git a/example/Readme.md b/example/Readme.md deleted file mode 100644 index f8785233..00000000 --- a/example/Readme.md +++ /dev/null 
@@ -1,7 +0,0 @@
-# About the certificate
-
-Yes, this folder contains a private key and a certificate for quic.clemente.io.
-
-Unfortunately we need a valid certificate for the integration tests with Chrome and `quic_client`. No important data is served on the "real" `quic.clemente.io` (only a test page), and the MITM problem is imho negligible.
-
-If you figure out a way to test with Chrome without having a cert and key here, let us now in an issue.
diff --git a/example/fullchain.pem
deleted file mode 100644
index a4184ac6..00000000
--- a/example/fullchain.pem
+++ /dev/null
@@ -1,62 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGDDCCBPSgAwIBAgISAzFzQHPYT5Vnbq8NLMKNdHANMA0GCSqGSIb3DQEBCwUA -MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD -ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA5MDgwODIwMTFaFw0x -ODEyMDcwODIwMTFaMBsxGTAXBgNVBAMTEHF1aWMuY2xlbWVudGUuaW8wggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54rxI2G99GLs7VKnIbKnl+FjQxjj5 -6e01dW6mE+3JSouBG3K+9hO6dExvZS4zUqL0hxi93H480WGtIn8bIYVpcZZvkgzG -i8ot3Hq2SXOBb3nBTCj7Y+DB4oJX1rPNqn0YVS8LidxUKIhsFOgIpjrhXsa1ugI3 -ia5djPLxQYUc1r/48flUjTYy9HDD+VFUINPtVJzXJz3/7liPdgbhSy4Uzpe5cu4c -kgNTikQ6CuxGf3+8y9BP2nNOKe1nI3ubfC+gj4oUbOaoYA/tVTcJxJimy+/mI9sx -/Ku9lxzC/DdZwv7PRM3Q0BsE3/2I7DRRMENJof4zQfe/XvD9WZ09+AdjAgMBAAGj -ggMZMIIDFTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOvj9SUSgmP+urLufOl3cskz -xAxnMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEB -BGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0 -Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0 -Lm9yZy8wGwYDVR0RBBQwEoIQcXVpYy5jbGVtZW50ZS5pbzCB/gYDVR0gBIH2MIHz -MAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6 -Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2Vy -dGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0 -aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUg -UG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRv -cnkvMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYA23Sv7ssp7LH+yj5xbSzluaq7 -NveEcYPHXZ1PN7Yfv2QAAAFluHtHHAAABAMARzBFAiEAk+yUopdJ1uIGOsCMLEof -qBYJKCq1qU6lEd4DSmh5Q8UCIDPgjfWG6JRJLtNrVCcayQpLgNlFDx1Mx/lWkpOb -VuigAHcAKTxRllTIOWW6qlD8WAfUt2+/WHopctykwwz05UVH9HgAAAFluHtIDAAA -BAMASDBGAiEAvgKW8+NpBYBYPSglVaQZ/GZww/QItzpsVj305GoB87cCIQDEDbjH -feFKJo/7C20pOha1lERVZae6XLlRZVL+UMP8+jANBgkqhkiG9w0BAQsFAAOCAQEA -eZuO6bQsmBu2iQVxOdSmRtu/VXsYZi+fyteToSNtexWYu6SAUfe5dr5MHD2m3OeU -oYIxHeKtSMjiE7o7BVUUZgVaCXjjT/nR1iyJvVxAt9ekd4lcjjoudoxQHms76KU9 
-dcEr8M/z4/PhuB83nvpJB40mgJln47BhvKKAeFtfD+c+gR4L5NG0LC6H7Jbc8PyR -WPEzc1HCfHaHkkVgLRljgky8hl83+uR95lgjSPKYyRy8qCwL/1mthdaGpfP6u+aD -9tsDjMFEj+Lq7RDeiZkBoZ6uZnqjFcfg4sLlwuv/aFvbAbkPa25SpwizdKRLFVNr -WtT2VbhFhz86rXplNgnJEw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- 
diff --git a/example/privkey.pem b/example/privkey.pem deleted file mode 100644 index ff2f4a36..00000000 --- a/example/privkey.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC54rxI2G99GLs7 -VKnIbKnl+FjQxjj56e01dW6mE+3JSouBG3K+9hO6dExvZS4zUqL0hxi93H480WGt -In8bIYVpcZZvkgzGi8ot3Hq2SXOBb3nBTCj7Y+DB4oJX1rPNqn0YVS8LidxUKIhs -FOgIpjrhXsa1ugI3ia5djPLxQYUc1r/48flUjTYy9HDD+VFUINPtVJzXJz3/7liP -dgbhSy4Uzpe5cu4ckgNTikQ6CuxGf3+8y9BP2nNOKe1nI3ubfC+gj4oUbOaoYA/t -VTcJxJimy+/mI9sx/Ku9lxzC/DdZwv7PRM3Q0BsE3/2I7DRRMENJof4zQfe/XvD9 -WZ09+AdjAgMBAAECggEAL3O8EPR/cXXQxhKUzP9AV96P/au8e7/FuDHkLy1DNHF9 -L1Yscqcq3hw2LvGrW5qq0rVyEXWqHChvQN1fiTODdSlz98NW05B36kEwajxR6ibk -8/1XMOWMSLJkB7xdZhExofaM7eshfbJjMQQdP6f/u+yP2XBEhJz3EBadJg1Nx9By -8FbZJBC3QAezE54aPR/M3SRCwF4ZRI2vPnptxxjkcNhFXue3xjPAIMKjrNNBtWjn -HZ3OWqBz0BD9bb7MxjDDjPXAwv92UGJuap1BZYbaqUG6fPtn2aY9oxZcXYuIMaXk -ymdhYYRfxk7S5aR8+6kyJCkaoMATaf4Y8vEiw0lk4QKBgQDkLTmRctqj3CNBGyU7 -wIqzgp1P6q+CptWVcadA3LoWHquLEVOmuTjWdX+4LBgwTjmAlnBfMIrR4HvluC7N -89sHrA5KMQpt0a/B+7ZdgSsGXk4Pbc8u5QR5Qe70plC7SyX7mHwUmND0LJuwKO6Z -THv9oYOP+abw0HHTtWZoYrBB+QKBgQDQjVpuBN0HijeCDhvSUkcL/WHjHfizkJER -hUiqBc+vbFkfdcMukde3buB12CnIO1EZCFn5LgTjvR1fv+gfdG/EAfNYLRMwN+e/ -Ai6gM20KR1KjQHMz64546ZXdMhA8afbMD8MBAFURMpG2ECetEoDz5LnLI929mxRd -UZbB12QrOwKBgQCeOE3m8YFyhj9b8frLiCOlfjifJdk1+4G28uxLKcNPe0zwTb93 -qJAlBazehJTxSgzNgYPCPeLEzaicDi9GWIXUuBXglEjrBa+eD3DRPbQb4mC2iipU -FjIX8wRDWOA6P03DPGUt0xlxd00txfRNEKAZq1mTCEYeTivf5bVxRJ174QKBgF7E -HJdptlY6xEZgytujb41PMi/V6rENvB3OBtrbkSgRf93/0RVUSEWeKHjkJPhLm+pY -FSpZcvdZdAOSXJQOgMr8Z+tlcBa1EKWHBFDfjWjiR/bOzoqFO1ROMD83BJGvROot -L1tBH2aVKAknBiBrDBXHlXVtctE5quNMs8iZa3cJAoGBAMX3qTxgsfCfWemJjj35 -PJnzMRTe0gKQbeVw7tkp57G8vz1b+fblaDBCI63tj0O0PZ5nE01Y882g9NRNBI04 -LYquJcRy8Mhb0R0EmoX1CAXTJPsZCmd3/rPLAUXser4zK6Yy/dkJFcD8NOMNWcX+ -ok6Vq4VGdKA7ZxzJrKm3DGt/ ------END PRIVATE KEY----- 
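Review bot: Removing example/privkey.pem from the tree does not unpublish it — the key, and the Let's Encrypt certificate for quic.clemente.io it belongs to (serial visible in the deleted fullchain.pem), stay in every clone's git history and in every fork. Unless that has already happened, the certificate should be revoked with the CA and the real host reissued a fresh key pair; the deletion alone is not a remediation. The deleted Readme's "MITM problem is negligible" argument no longer holds once the key has been public, so treating it as compromised is the safe default.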
diff --git a/integrationtests/self/client_test.go b/integrationtests/self/client_test.go index 2dd7f350..82459a9c 100644 --- a/integrationtests/self/client_test.go +++ b/integrationtests/self/client_test.go @@ -2,17 +2,17 @@ package self_test import ( "bytes" + "crypto/tls" "fmt" "io/ioutil" - "net" "net/http" - "os" "time" quic "github.com/lucas-clemente/quic-go" "github.com/lucas-clemente/quic-go/h2quic" "github.com/lucas-clemente/quic-go/integrationtests/tools/testserver" "github.com/lucas-clemente/quic-go/internal/protocol" + "github.com/lucas-clemente/quic-go/internal/testdata" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -25,13 +25,6 @@ var _ = Describe("Client tests", func() { versions := protocol.SupportedVersions BeforeEach(func() { - err := os.Setenv("HOSTALIASES", "quic.clemente.io 127.0.0.1") - Expect(err).ToNot(HaveOccurred()) - addr, err := net.ResolveUDPAddr("udp4", "quic.clemente.io:0") - Expect(err).ToNot(HaveOccurred()) - if addr.String() != "127.0.0.1:0" { - Fail("quic.clemente.io does not resolve to 127.0.0.1. Consider adding it to /etc/hosts.") - } testserver.StartQuicServer(versions) }) @@ -46,6 +39,9 @@ var _ = Describe("Client tests", func() { BeforeEach(func() { client = &http.Client{ Transport: &h2quic.RoundTripper{ + TLSClientConfig: &tls.Config{ + RootCAs: testdata.GetRootCA(), + }, QuicConfig: &quic.Config{ Versions: []protocol.VersionNumber{version}, }, @@ -54,7 +50,7 @@ var _ = Describe("Client tests", func() { }) It("downloads a hello", func() { - resp, err := client.Get("https://quic.clemente.io:" + testserver.Port() + "/hello") + resp, err := client.Get("https://localhost:" + testserver.Port() + "/hello") Expect(err).ToNot(HaveOccurred()) Expect(resp.StatusCode).To(Equal(200)) body, err := ioutil.ReadAll(gbytes.TimeoutReader(resp.Body, 3*time.Second)) 
@@ -63,7 +59,7 @@ var _ = Describe("Client tests", func() { }) It("downloads a small file", func() { - resp, err := client.Get("https://quic.clemente.io:" + testserver.Port() + "/prdata") + resp, err := client.Get("https://localhost:" + testserver.Port() + "/prdata") Expect(err).ToNot(HaveOccurred()) Expect(resp.StatusCode).To(Equal(200)) body, err := ioutil.ReadAll(gbytes.TimeoutReader(resp.Body, 5*time.Second)) @@ -72,7 +68,7 @@ var _ = Describe("Client tests", func() { }) It("downloads a large file", func() { - resp, err := client.Get("https://quic.clemente.io:" + testserver.Port() + "/prdatalong") + resp, err := client.Get("https://localhost:" + testserver.Port() + "/prdatalong") Expect(err).ToNot(HaveOccurred()) Expect(resp.StatusCode).To(Equal(200)) body, err := ioutil.ReadAll(gbytes.TimeoutReader(resp.Body, 20*time.Second)) @@ -82,7 +78,7 @@ var _ = Describe("Client tests", func() { It("uploads a file", func() { resp, err := client.Post( - "https://quic.clemente.io:"+testserver.Port()+"/echo", + "https://localhost:"+testserver.Port()+"/echo", "text/plain", bytes.NewReader(testserver.PRData), ) diff --git a/integrationtests/self/conn_id_test.go b/integrationtests/self/conn_id_test.go index ee393075..b9863434 100644 --- a/integrationtests/self/conn_id_test.go +++ b/integrationtests/self/conn_id_test.go @@ -47,8 +47,8 @@ var _ = Describe("Connection ID lengths tests", func() { runClient := func(addr net.Addr, conf *quic.Config) { GinkgoWriter.Write([]byte(fmt.Sprintf("Using %d byte connection ID for the client\n", conf.ConnectionIDLength))) cl, err := quic.DialAddr( - fmt.Sprintf("quic.clemente.io:%d", addr.(*net.UDPAddr).Port), - &tls.Config{InsecureSkipVerify: true}, + fmt.Sprintf("localhost:%d", addr.(*net.UDPAddr).Port), + &tls.Config{RootCAs: testdata.GetRootCA()}, conf, ) Expect(err).ToNot(HaveOccurred()) diff --git a/integrationtests/self/handshake_drop_test.go b/integrationtests/self/handshake_drop_test.go index 7ed2296f..6df4a872 100644 
--- a/integrationtests/self/handshake_drop_test.go +++ b/integrationtests/self/handshake_drop_test.go @@ -1,6 +1,7 @@ package self_test import ( + "crypto/tls" "fmt" mrand "math/rand" "net" @@ -70,8 +71,8 @@ var _ = Describe("Handshake drop tests", func() { serverSessionChan <- sess }() sess, err := quic.DialAddr( - fmt.Sprintf("quic.clemente.io:%d", proxy.LocalPort()), - nil, + fmt.Sprintf("localhost:%d", proxy.LocalPort()), + &tls.Config{RootCAs: testdata.GetRootCA()}, &quic.Config{Versions: []protocol.VersionNumber{version}}, ) Expect(err).ToNot(HaveOccurred()) @@ -102,8 +103,8 @@ var _ = Describe("Handshake drop tests", func() { serverSessionChan <- sess }() sess, err := quic.DialAddr( - fmt.Sprintf("quic.clemente.io:%d", proxy.LocalPort()), - nil, + fmt.Sprintf("localhost:%d", proxy.LocalPort()), + &tls.Config{RootCAs: testdata.GetRootCA()}, &quic.Config{Versions: []protocol.VersionNumber{version}}, ) Expect(err).ToNot(HaveOccurred()) @@ -132,8 +133,8 @@ var _ = Describe("Handshake drop tests", func() { serverSessionChan <- sess }() sess, err := quic.DialAddr( - fmt.Sprintf("quic.clemente.io:%d", proxy.LocalPort()), - nil, + fmt.Sprintf("localhost:%d", proxy.LocalPort()), + &tls.Config{RootCAs: testdata.GetRootCA()}, &quic.Config{Versions: []protocol.VersionNumber{version}}, ) Expect(err).ToNot(HaveOccurred()) diff --git a/integrationtests/self/handshake_rtt_test.go b/integrationtests/self/handshake_rtt_test.go index 900b1dbb..33dfdd28 100644 --- a/integrationtests/self/handshake_rtt_test.go +++ b/integrationtests/self/handshake_rtt_test.go @@ -95,7 +95,7 @@ var _ = Describe("Handshake RTT tests", func() { clientConfig = &quic.Config{Versions: []protocol.VersionNumber{protocol.VersionTLS}} clientTLSConfig = &tls.Config{ InsecureSkipVerify: true, - ServerName: "quic.clemente.io", + ServerName: "localhost", } }) diff --git a/integrationtests/self/handshake_test.go b/integrationtests/self/handshake_test.go index f410cde0..23fb9f64 100644 
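Review bot: handshake_rtt_test.go keeps `InsecureSkipVerify: true` while every other client config in this commit switches to `RootCAs: testdata.GetRootCA()`, so this is the one remaining client path that never verifies the server certificate. Assuming the server side of this test also serves `testdata.GetTLSConfig()`, the config can become `clientTLSConfig = &tls.Config{ServerName: "localhost", RootCAs: testdata.GetRootCA()}`; the `testdata` import may need adding, its import block is outside the hunk. The enclosing BeforeEach starts outside the hunk.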
--- a/integrationtests/self/handshake_test.go +++ b/integrationtests/self/handshake_test.go @@ -97,10 +97,14 @@ var _ = Describe("Handshake tests", func() { version := v Context(fmt.Sprintf("using %s", version), func() { - var clientConfig *quic.Config + var ( + tlsConf *tls.Config + clientConfig *quic.Config + ) BeforeEach(func() { serverConfig.Versions = []protocol.VersionNumber{version} + tlsConf = &tls.Config{RootCAs: testdata.GetRootCA()} clientConfig = &quic.Config{ Versions: []protocol.VersionNumber{version}, } @@ -108,20 +112,32 @@ var _ = Describe("Handshake tests", func() { It("accepts the certificate", func() { runServer() - _, err := quic.DialAddr(fmt.Sprintf("quic.clemente.io:%d", server.Addr().(*net.UDPAddr).Port), nil, clientConfig) + _, err := quic.DialAddr( + fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port), + tlsConf, + clientConfig, + ) Expect(err).ToNot(HaveOccurred()) }) It("errors if the server name doesn't match", func() { runServer() - _, err := quic.DialAddr(fmt.Sprintf("127.0.0.1:%d", server.Addr().(*net.UDPAddr).Port), nil, clientConfig) + _, err := quic.DialAddr( + fmt.Sprintf("127.0.0.1:%d", server.Addr().(*net.UDPAddr).Port), + tlsConf, + clientConfig, + ) Expect(err).To(HaveOccurred()) }) It("uses the ServerName in the tls.Config", func() { runServer() - conf := &tls.Config{ServerName: "quic.clemente.io"} - _, err := quic.DialAddr(fmt.Sprintf("127.0.0.1:%d", server.Addr().(*net.UDPAddr).Port), conf, clientConfig) + tlsConf.ServerName = "localhost" + _, err := quic.DialAddr( + fmt.Sprintf("127.0.0.1:%d", server.Addr().(*net.UDPAddr).Port), + tlsConf, + clientConfig, + ) Expect(err).ToNot(HaveOccurred()) }) }) diff --git a/integrationtests/self/multiplex_test.go b/integrationtests/self/multiplex_test.go index be06fc6b..c4a6e9da 100644 --- a/integrationtests/self/multiplex_test.go +++ b/integrationtests/self/multiplex_test.go @@ -1,6 +1,7 @@ package self_test import ( + "crypto/tls" "fmt" "io/ioutil" "net" 
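Review bot: The negative test `It("errors if the server name doesn't match")` asserts only `Expect(err).To(HaveOccurred())`, so any failure — connection refused, version mismatch, a timeout — satisfies it, and it no longer proves that hostname verification against the new localhost certificate is what rejects 127.0.0.1. Tighten it to the certificate error, e.g. `Expect(err.Error()).To(ContainSubstring("x509"))`; the exact wording depends on how quic-go wraps the crypto error, so check the message once locally before pinning more than that. The enclosing Context and Describe closures start outside the hunk.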
@@ -46,8 +47,8 @@ var _ = Describe("Multiplexing", func() { sess, err := quic.Dial( conn, addr, - fmt.Sprintf("quic.clemente.io:%d", addr.(*net.UDPAddr).Port), - nil, + fmt.Sprintf("localhost:%d", addr.(*net.UDPAddr).Port), + &tls.Config{RootCAs: testdata.GetRootCA()}, &quic.Config{Versions: []protocol.VersionNumber{version}}, ) Expect(err).ToNot(HaveOccurred()) diff --git a/integrationtests/self/rtt_test.go b/integrationtests/self/rtt_test.go index 568f511d..c6076093 100644 --- a/integrationtests/self/rtt_test.go +++ b/integrationtests/self/rtt_test.go @@ -1,6 +1,7 @@ package self import ( + "crypto/tls" "fmt" "io/ioutil" "net" @@ -63,8 +64,8 @@ var _ = Describe("non-zero RTT", func() { defer proxy.Close() sess, err := quic.DialAddr( - fmt.Sprintf("quic.clemente.io:%d", proxy.LocalPort()), - nil, + fmt.Sprintf("localhost:%d", proxy.LocalPort()), + &tls.Config{RootCAs: testdata.GetRootCA()}, &quic.Config{Versions: []protocol.VersionNumber{version}}, ) Expect(err).ToNot(HaveOccurred()) diff --git a/integrationtests/self/stream_test.go b/integrationtests/self/stream_test.go index 64039698..9729c5f2 100644 --- a/integrationtests/self/stream_test.go +++ b/integrationtests/self/stream_test.go @@ -1,6 +1,7 @@ package self_test import ( + "crypto/tls" "fmt" "io/ioutil" "net" @@ -36,7 +37,7 @@ var _ = Describe("Bidirectional streams", func() { } server, err = quic.ListenAddr("localhost:0", testdata.GetTLSConfig(), qconf) Expect(err).ToNot(HaveOccurred()) - serverAddr = fmt.Sprintf("quic.clemente.io:%d", server.Addr().(*net.UDPAddr).Port) + serverAddr = fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port) }) AfterEach(func() { @@ -98,7 +99,11 @@ var _ = Describe("Bidirectional streams", func() { runReceivingPeer(sess) }() - client, err := quic.DialAddr(serverAddr, nil, qconf) + client, err := quic.DialAddr( + serverAddr, + &tls.Config{RootCAs: testdata.GetRootCA()}, + qconf, + ) Expect(err).ToNot(HaveOccurred()) runSendingPeer(client) }) 
@@ -112,7 +117,11 @@ var _ = Describe("Bidirectional streams", func() { sess.Close() }() - client, err := quic.DialAddr(serverAddr, nil, qconf) + client, err := quic.DialAddr( + serverAddr, + &tls.Config{RootCAs: testdata.GetRootCA()}, + qconf, + ) Expect(err).ToNot(HaveOccurred()) runReceivingPeer(client) Eventually(client.Context().Done()).Should(BeClosed()) @@ -135,7 +144,11 @@ var _ = Describe("Bidirectional streams", func() { close(done1) }() - client, err := quic.DialAddr(serverAddr, nil, qconf) + client, err := quic.DialAddr( + serverAddr, + &tls.Config{RootCAs: testdata.GetRootCA()}, + qconf, + ) Expect(err).ToNot(HaveOccurred()) done2 := make(chan struct{}) go func() { diff --git a/integrationtests/self/uni_stream_test.go b/integrationtests/self/uni_stream_test.go index ba3d7e4d..fdc0945d 100644 --- a/integrationtests/self/uni_stream_test.go +++ b/integrationtests/self/uni_stream_test.go @@ -1,6 +1,7 @@ package self_test import ( + "crypto/tls" "fmt" "io/ioutil" "net" @@ -29,7 +30,7 @@ var _ = Describe("Unidirectional Streams", func() { qconf = &quic.Config{Versions: []protocol.VersionNumber{protocol.VersionTLS}} server, err = quic.ListenAddr("localhost:0", testdata.GetTLSConfig(), qconf) Expect(err).ToNot(HaveOccurred()) - serverAddr = fmt.Sprintf("quic.clemente.io:%d", server.Addr().(*net.UDPAddr).Port) + serverAddr = fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port) }) AfterEach(func() { 
@@ -71,17 +72,19 @@ var _ = Describe("Unidirectional Streams", func() { } It(fmt.Sprintf("client opening %d streams to a server", numStreams), func() { - var sess quic.Session go func() { defer GinkgoRecover() - var err error - sess, err = server.Accept() + sess, err := server.Accept() Expect(err).ToNot(HaveOccurred()) runReceivingPeer(sess) sess.Close() }() - client, err := quic.DialAddr(serverAddr, nil, qconf) + client, err := quic.DialAddr( + serverAddr, + &tls.Config{RootCAs: testdata.GetRootCA()}, + qconf, + ) Expect(err).ToNot(HaveOccurred()) runSendingPeer(client) <-client.Context().Done() @@ -95,7 +98,11 @@ var _ = Describe("Unidirectional Streams", func() { runSendingPeer(sess) }() - client, err := quic.DialAddr(serverAddr, nil, qconf) + client, err := quic.DialAddr( + serverAddr, + &tls.Config{RootCAs: testdata.GetRootCA()}, + qconf, + ) Expect(err).ToNot(HaveOccurred()) runReceivingPeer(client) }) @@ -117,7 +124,11 @@ var _ = Describe("Unidirectional Streams", func() { close(done1) }() - client, err := quic.DialAddr(serverAddr, nil, qconf) + client, err := quic.DialAddr( + serverAddr, + &tls.Config{RootCAs: testdata.GetRootCA()}, + qconf, + ) Expect(err).ToNot(HaveOccurred()) done2 := make(chan struct{}) go func() { diff --git a/internal/handshake/crypto_setup_test.go b/internal/handshake/crypto_setup_test.go index bc8e224b..31dcf3e1 100644 --- a/internal/handshake/crypto_setup_test.go +++ b/internal/handshake/crypto_setup_test.go @@ -48,6 +48,8 @@ func (s *stream) Write(b []byte) (int, error) { } var _ = Describe("Crypto Setup TLS", func() { + var clientConf *tls.Config + initStreams := func() (chan chunk, *stream /* initial */, *stream /* handshake */) { chunkChan := make(chan chunk, 100) initialStream := newStream(chunkChan, protocol.EncryptionInitial) 
@@ -55,6 +57,13 @@ var _ = Describe("Crypto Setup TLS", func() { return chunkChan, initialStream, handshakeStream } + BeforeEach(func() { + clientConf = &tls.Config{ + ServerName: "localhost", + RootCAs: testdata.GetRootCA(), + } + }) + It("returns Handshake() when an error occurs", func() { _, sInitialStream, sHandshakeStream := initStreams() server, err := NewCryptoSetupServer( @@ -231,7 +240,6 @@ var _ = Describe("Crypto Setup TLS", func() { } It("handshakes", func() { - clientConf := &tls.Config{ServerName: "quic.clemente.io"} serverConf := testdata.GetTLSConfig() clientErr, serverErr := handshakeWithTLSConf(clientConf, serverConf) Expect(clientErr).ToNot(HaveOccurred()) @@ -239,10 +247,7 @@ var _ = Describe("Crypto Setup TLS", func() { }) It("handshakes with client auth", func() { - clientConf := &tls.Config{ - ServerName: "quic.clemente.io", - Certificates: []tls.Certificate{generateCert()}, - } + clientConf.Certificates = []tls.Certificate{generateCert()} serverConf := testdata.GetTLSConfig() serverConf.ClientAuth = qtls.RequireAnyClientCert clientErr, serverErr := handshakeWithTLSConf(clientConf, serverConf) @@ -299,7 +304,7 @@ var _ = Describe("Crypto Setup TLS", func() { protocol.ConnectionID{}, cTransportParameters, func(p *TransportParameters) { sTransportParametersRcvd = p }, - &tls.Config{ServerName: "quic.clemente.io"}, + clientConf, protocol.VersionTLS, []protocol.VersionNumber{protocol.VersionTLS}, protocol.VersionTLS, diff --git a/internal/testdata/ca.pem b/internal/testdata/ca.pem new file mode 100644 index 00000000..1118b05b --- /dev/null +++ b/internal/testdata/ca.pem 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0DCCAbgCCQCmiwJpSoekpDANBgkqhkiG9w0BAQsFADAqMRMwEQYDVQQKDApx +dWljLWdvIENBMRMwEQYDVQQLDApxdWljLWdvIENBMB4XDTE4MTIwODA2NDIyMVoX +DTI4MTIwNTA2NDIyMVowKjETMBEGA1UECgwKcXVpYy1nbyBDQTETMBEGA1UECwwK +cXVpYy1nbyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN5MxI09 +i01xRON732BFIuxO2SGjA9jYkvUvNXK886gifp2BfWLcOW1DHkXxBnhWMqfpcIWM +GviF4G2Mp0HEJDMe+4LBxje/1e2WA+nzQlIZD6LaDi98nXJaAcCMM4a64Vm0i8Z3 ++4c+O93+5TekPn507nl7QA1IaEEtoek7w7wDw4ZF3ET+nns2HwVpV/ugfuYOQbTJ +8Np+zO8EfPMTUjEpKdl4bp/yqcouWD+oIhoxmx1V+LxshcpSwtzHIAi6gjHUDCEe +bk5Y2GBT4VR5WKmNGvlfe9L0Gn0ZLJoeXDshrunF0xEmSv8MxlHcKH/u4IHiO+6x ++5sdslqY7uEPEhkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhvXUMiatkgsnoRHc +UobKraGttETivxvtKpc48o1TSkR+kCKbMnygmrvc5niEqc9iDg8JI6HjBKJ3/hfA +uKdyiR8cQNcQRgJ/3FVx0n3KGDUbHJSuIQzFvXom2ZPdlAHFqAT+8AVrz42v8gct +gyiGdFCSNisDbevOiRHuJtZ0m8YsGgtfU48wqGOaSSsRz4mYD6kqBFd0+Ja3/EGv +vl24L5xMCy1zGGl6wKPa7TT7ok4TfD1YmIXOfmWYop6cTLwePLj1nHrLi0AlsSn1 +2pFlosc9/qEbO5drqNoxUZfeF0L9RUSuArHRSO779dW/AmOtFdK3yaBGqflg0r7p +lYombA== +-----END CERTIFICATE----- diff --git a/internal/testdata/cert.go b/internal/testdata/cert.go index d4a9cf0a..0f67e075 100644 --- a/internal/testdata/cert.go +++ b/internal/testdata/cert.go @@ -2,6 +2,9 @@ package testdata import ( "crypto/tls" + "crypto/x509" + "encoding/pem" + "io/ioutil" "path" "runtime" ) @@ -14,13 +17,12 @@ func init() { panic("Failed to get current frame") } - certPath = path.Join(path.Dir(path.Dir(path.Dir(filename))), "example") + certPath = path.Dir(filename) } -// GetCertificatePaths returns the paths to 'fullchain.pem' and 'privkey.pem' for the -// quic.clemente.io cert. +// GetCertificatePaths returns the paths to certificate and key func GetCertificatePaths() (string, string) { - return path.Join(certPath, "fullchain.pem"), path.Join(certPath, "privkey.pem") + return path.Join(certPath, "cert.pem"), path.Join(certPath, "priv.key") } // GetTLSConfig returns a tls config for quic.clemente.io 
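Review bot: The doc comment `// GetTLSConfig returns a tls config for quic.clemente.io` is now stale: GetCertificatePaths points at cert.pem/priv.key in internal/testdata, and the certificate there is issued for localhost. Change it to `// GetTLSConfig returns a tls.Config serving the localhost test certificate signed by the CA in ca.pem.` and add one sentence saying the certificate is only trusted by clients that install GetRootCA(), so the next reader understands why plain clients reject it. GetTLSConfig's body is outside the hunk.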
@@ -33,3 +35,23 @@ func GetTLSConfig() *tls.Config { Certificates: []tls.Certificate{cert}, } } + +// GetRootCA returns an x509.CertPool containing the CA certificate +func GetRootCA() *x509.CertPool { + caCertPath := path.Join(certPath, "ca.pem") + caCertRaw, err := ioutil.ReadFile(caCertPath) + if err != nil { + panic(err) + } + p, _ := pem.Decode(caCertRaw) + if p.Type != "CERTIFICATE" { + panic("expected a certificate") + } + caCert, err := x509.ParseCertificate(p.Bytes) + if err != nil { + panic(err) + } + certPool := x509.NewCertPool() + certPool.AddCert(caCert) + return certPool +} diff --git a/internal/testdata/cert.pem b/internal/testdata/cert.pem new file mode 100644 index 00000000..28e66b70 --- /dev/null +++ b/internal/testdata/cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3jCCAcYCCQCV4BOv+SRo4zANBgkqhkiG9w0BAQUFADAqMRMwEQYDVQQKDApx +dWljLWdvIENBMRMwEQYDVQQLDApxdWljLWdvIENBMB4XDTE4MTIwODA2NDMwMloX +DTI4MTIwNTA2NDMwMlowODEQMA4GA1UECgwHcXVpYy1nbzEQMA4GA1UECwwHcXVp +Yy1nbzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAyc/hS8XHkOJaLrdPOSTZFUBVyHNSfQUX/3dEpmccPlLQLgopYZZO +W/cVhkxAfQ3e68xKkuZKfZN5Hytn5V/AOSk281BqxFxpfCcKVYqVpDZH99+jaVfG +ImPp5Y22qCnbSEwYrMTcLiK8PVa4MkpKf1KNacVlqawU+ZWI5fevAFGTtmrMJ4S+ +qZY7tAaVkax+OiKWWfhLQjJCsN3IIDysTfbWao6cYKgtTfqVChEddzS7LRJVRaB+ ++huUbB87tRBJbCuJX65yB7Fw77YiKoFjc5r2845fcS2Ew4+w29mbXoj7M7g6eup5 +SnCydsCvyNy6VkgaSlWS0DXvxuzWshwUrwIDAQABMA0GCSqGSIb3DQEBBQUAA4IB +AQBWgmFunf44X3/NIjNvVLeQsfGW+4L/lCi2F5tqa70Hkda+xhKACnQQGB2qCSCF +Jfxj4iKrFJ7+JB8GnribWthLuDq49PQrTI+1wKFd9c2b8DXzJLz4Onw+mPX97pZm +TflQSIxXRaFAIQuUWNTArZZEe1ESSlnaBuE5w77LMf4GMFD3P3jzSHKUyM1sF97j +gRbIt8Jw7Uyd8vlXk6m2wvO5H3hZrrhJUJH3WW13a7wLJRnff2meKU90hkLQwuxO +kyh0k/h158/r2ibiahTmQEgHs9vQaCM+HXuk5P+Tzq5Zl/n0dMFZMfkqNkD4nym/ +nu7zfdwMlcBjKt9g3BGw+KE3 +-----END CERTIFICATE----- diff --git a/internal/testdata/cert_test.go b/internal/testdata/cert_test.go new file mode 100644 index 00000000..0de1bd7b --- /dev/null 
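Review bot: `p, _ := pem.Decode(caCertRaw)` in GetRootCA discards the nil case: if ca.pem is empty or not PEM, `p` is nil and the following `p.Type` dereference panics with a bare nil-pointer message instead of saying what is wrong. Guard it with `if p == nil || p.Type != "CERTIFICATE" { panic("expected a certificate in " + caCertPath) }`. Since this pool is what every test uses to decide whether to trust the server, the doc comment should also state that only the single certificate in ca.pem is trusted, not the system roots.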
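Review bot: Decoding the DER header of the new cert.pem by hand from the base64 shows an X.509 v1 certificate whose signature algorithm is 1.2.840.113549.1.1.5 (sha1WithRSAEncryption); being v1 it can carry no Subject Alternative Name, so hostname matching relies on the CN=localhost fallback. Go's verifier dropped the CN fallback in 1.15 and rejects SHA-1 certificate signatures from 1.18, so these fixtures will break every test that uses GetRootCA() long before the 2028 expiry encoded in the certificate. Regenerate it as a v3 certificate signed with SHA-256 and `subjectAltName = DNS:localhost` (no IP entry, since `errors if the server name doesn't match` depends on 127.0.0.1 not matching), and, if regenerating ca.pem too, give it `basicConstraints = CA:TRUE` so non-Go clients can also trust it. Commit the openssl or Go script that produced ca.pem, cert.pem and priv.key: the CA private key is not part of this change, so nobody can reissue the leaf without it.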
+++ b/internal/testdata/cert_test.go
@@ -0,0 +1,31 @@
+package testdata
+
+import (
+ "crypto/tls"
+ "io/ioutil"
+
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+var _ = Describe("certificates", func() {
+ It("returns certificates", func() {
+ ln, err := tls.Listen("tcp", "localhost:4433", GetTLSConfig())
+ Expect(err).ToNot(HaveOccurred())
+
+ go func() {
+ defer GinkgoRecover()
+ conn, err := ln.Accept()
+ Expect(err).ToNot(HaveOccurred())
+ defer conn.Close()
+ _, err = conn.Write([]byte("foobar"))
+ Expect(err).ToNot(HaveOccurred())
+ }()
+
+ conn, err := tls.Dial("tcp", "localhost:4433", &tls.Config{RootCAs: GetRootCA()})
+ Expect(err).ToNot(HaveOccurred())
+ data, err := ioutil.ReadAll(conn)
+ Expect(err).ToNot(HaveOccurred())
+ Expect(string(data)).To(Equal("foobar"))
+ })
+})
diff --git a/internal/testdata/priv.key
new file mode 100644
index 00000000..cd3dd0cf
--- /dev/null
+++ b/internal/testdata/priv.key
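Review bot: The new test binds a fixed port, `tls.Listen("tcp", "localhost:4433", ...)`, so it fails whenever 4433 is already taken on the CI box or two test binaries run in parallel, and neither `ln` nor the client `conn` is ever closed. Listen on `"localhost:0"`, add `defer ln.Close()`, and dial `"localhost:"+strconv.Itoa(ln.Addr().(*net.TCPAddr).Port)` — the host must stay `localhost` so it matches the certificate (`net` and `strconv` would need importing). Closing the client side with `defer conn.Close()` after the Dial error check completes the cleanup.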
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAyc/hS8XHkOJaLrdPOSTZFUBVyHNSfQUX/3dEpmccPlLQLgop +YZZOW/cVhkxAfQ3e68xKkuZKfZN5Hytn5V/AOSk281BqxFxpfCcKVYqVpDZH99+j +aVfGImPp5Y22qCnbSEwYrMTcLiK8PVa4MkpKf1KNacVlqawU+ZWI5fevAFGTtmrM +J4S+qZY7tAaVkax+OiKWWfhLQjJCsN3IIDysTfbWao6cYKgtTfqVChEddzS7LRJV +RaB++huUbB87tRBJbCuJX65yB7Fw77YiKoFjc5r2845fcS2Ew4+w29mbXoj7M7g6 +eup5SnCydsCvyNy6VkgaSlWS0DXvxuzWshwUrwIDAQABAoIBADunQwVO1Qqync2p +SbWueqyZc8HotL1XwBw3eQdm+yZA/GBfiJPcBhWRF7+20mkkrHwuyuxZPjOYX/ki +r3dRslQzJpcNckHQvy1/rMJUUJ9VnDhc1sTQuTR5LC46kX9rv/HC7JhFKIBKrDHF +bHURGKxCDqLxQnfA8gJEfU7cw9HnxMxmKv7qJ3O7EHYMuTQstkYsGOr60zX/C+Zm +7YA+d7nx1LpL0m2lKs70iz5MzGg+KgKyrkMWQ30gpxILBxNzzuQr7Kv/+63/3+G9 +nfCGeLmwGakPFpm6/GwiABE0yGa71YNAQs18iUTZwP/ZEDw3KB2SoG8wcqWjNAd+ +cUF2PgECgYEA5Xe/OZouw9h0NBo0Zut+HC0YOuUfY72Ug9Fm8bAS6wDuPiO3jIvK +J40d+ZHNp4AakfTuugiqEDJRlV7T/F2K/KHDWvXTg5ZpAC8dsZKJMxyyAp8EniYQ +vsoFWeHBfsD83rCVKLcjDB3hbQH+MSoT3lsqjZRNiNUMK13gyuX7k28CgYEA4SWF +ySRXUqUezX5D8kV5rQVYLcw6WVB3czYd7cKf8zHy4xJX0ZicyZjohknMmKCkdx+M +1mrxlqUO7EBGokM8vs87m/4rz6bjgZffpWzUmP/x1+3f3j/wIZeqNilW8NqY5nLi +tj3JxMwaesU86rOekSy27BlX4sjQ8NRs7Z2d8sECgYBKAD8kBWwVbqWy88x4cHOA +BK7ut1tTIB1YEVzgjobbULaERaJ46c/sx16mUHYBEZf///xI9Ghbxs52nFlC5qve +4xAMMoDey8/a5lbuIDKs0BE8NSoZEm+OB7qIDP0IspYZ/tprgfwEeVJshBsEoew8 +Ziwn8m66tPIyvhizdk2WcwKBgH2M8RgDffaGQbESEk3N1FZZvpx7YKZhqtrCeNoX +SB7T4cAigHpPAk+hRzlref46xrvvChiftmztSm8QQNNHb15wLauFh2Taic/Ao2Sa +VcukHnbtHYPQX9Y7vx1I3ESfgdgwhKBfwF5P+wwvZRL0ax5FsxPh5hJ/LZS+wKeY +13WBAoGAXSqG3ANmCyvSLVmAXGIbr0Tuixf/a25sPrlq7Im1H1OnqLrcyxWCLV3E +6gprhG5An0Zlr/FFRxVojf0TKmtJZs9B70/6WPwVvFtBduCM1zuUuCQYU9opTJQL +ElMIP4VfjABm4tm1fqGIy1PQP0Osb6/qb2DPPJqsFiW0oRByyMA= +-----END RSA PRIVATE KEY----- diff --git a/internal/testdata/testdata_suite_test.go b/internal/testdata/testdata_suite_test.go new file mode 100644 index 00000000..4e9011cf --- /dev/null +++ b/internal/testdata/testdata_suite_test.go 
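Review bot: priv.key is an unencrypted RSA private key committed in the clear; that is acceptable here only because the matching cert.pem is issued for localhost by a CA that nothing outside these tests trusts, but secret scanners (GitHub push protection, gitleaks and the like) will flag it on every clone. A short README in internal/testdata, or a comment in cert.go, stating `test-only key pair for CN=localhost, trusted solely via GetRootCA(); never use outside the test suite` lets reviewers and tooling triage it immediately. That is the caveat the deleted example/Readme.md tried to make for the real quic.clemente.io key, which was the case that actually mattered.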
@@ -0,0 +1,13 @@
+package testdata
+
+import (
+ "testing"
+
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+func TestTestdata(t *testing.T) {
+ RegisterFailHandler(Fail)
+ RunSpecs(t, "Testdata Suite")
+}