mirrors/uquic
1
0
Fork 0
mirror of https://github.com/refraction-networking/uquic.git synced 2025-04-04 12:47:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

handshake: set MinVersion on the Config returned by GetConfigForClient (#4134)

Browse source
This commit is contained in:
Marten Seemann 2023-10-27 12:35:07 +07:00 committed by GitHub
parent d309060cde
commit ef800d6f71
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
internal/handshake/crypto_setup.go
View file

@ -148,6 +148,8 @@ func addConnToClientHelloInfo(conf *tls.Config, localAddr, remoteAddr net.Addr)
c, err := gcfc(info) c, err := gcfc(info)
if c != nil { if c != nil {
c = c.Clone() c = c.Clone()
// This won't be necessary anymore once https://github.com/golang/go/issues/63722 is accepted.
c.MinVersion = tls.VersionTLS13
// We're returning a tls.Config here, so we need to apply this recursively. // We're returning a tls.Config here, so we need to apply this recursively.
addConnToClientHelloInfo(c, localAddr, remoteAddr) addConnToClientHelloInfo(c, localAddr, remoteAddr)
} }

9
internal/handshake/crypto_setup_test.go
View file

@ -140,10 +140,12 @@ var _ = Describe("Crypto Setup TLS", func() {
}, },
} }
addConnToClientHelloInfo(tlsConf, local, remote) addConnToClientHelloInfo(tlsConf, local, remote)
_, err := tlsConf.GetConfigForClient(&tls.ClientHelloInfo{}) conf, err := tlsConf.GetConfigForClient(&tls.ClientHelloInfo{})
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
Expect(localAddr).To(Equal(local)) Expect(localAddr).To(Equal(local))
Expect(remoteAddr).To(Equal(remote)) Expect(remoteAddr).To(Equal(remote))
Expect(conf).ToNot(BeNil())
Expect(conf.MinVersion).To(BeEquivalentTo(tls.VersionTLS13))
}) })
It("wraps GetConfigForClient, recursively", func() { It("wraps GetConfigForClient, recursively", func() {
@ -158,18 +160,23 @@ var _ = Describe("Crypto Setup TLS", func() {
} }
tlsConf.GetConfigForClient = func(info *tls.ClientHelloInfo) (*tls.Config, error) { tlsConf.GetConfigForClient = func(info *tls.ClientHelloInfo) (*tls.Config, error) {
innerConf = tlsConf.Clone() innerConf = tlsConf.Clone()
// set the MaxVersion, so we can check that quic-go doesn't overwrite the user's config
innerConf.MaxVersion = tls.VersionTLS12
innerConf.GetCertificate = getCert innerConf.GetCertificate = getCert
return innerConf, nil return innerConf, nil
} }
addConnToClientHelloInfo(tlsConf, local, remote) addConnToClientHelloInfo(tlsConf, local, remote)
conf, err := tlsConf.GetConfigForClient(&tls.ClientHelloInfo{}) conf, err := tlsConf.GetConfigForClient(&tls.ClientHelloInfo{})
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
Expect(conf).ToNot(BeNil())
Expect(conf.MinVersion).To(BeEquivalentTo(tls.VersionTLS13))
_, err = conf.GetCertificate(&tls.ClientHelloInfo{}) _, err = conf.GetCertificate(&tls.ClientHelloInfo{})
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
Expect(localAddr).To(Equal(local)) Expect(localAddr).To(Equal(local))
Expect(remoteAddr).To(Equal(remote)) Expect(remoteAddr).To(Equal(remote))
// make sure that the tls.Config returned by GetConfigForClient isn't modified // make sure that the tls.Config returned by GetConfigForClient isn't modified
Expect(reflect.ValueOf(innerConf.GetCertificate).Pointer() == reflect.ValueOf(getCert).Pointer()).To(BeTrue()) Expect(reflect.ValueOf(innerConf.GetCertificate).Pointer() == reflect.ValueOf(getCert).Pointer()).To(BeTrue())
Expect(innerConf.MaxVersion).To(BeEquivalentTo(tls.VersionTLS12))
}) })
}) })