mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
crypto/tls: clarify group selection logic
I initially thought the logic was broken, but writing the test I
realized it was actually very clever (derogative). It was relying on the
outer loop continuing after a supported match without a key share,
allowing a later key share to override it (but not a later supported
match because of the "if selectedGroup != 0 { continue }").
Replaced the clever loop with two hopefully more understandable loops,
and added a test (which was already passing).
We were however not checking that the selected group is in the supported
list if we found it in key shares first. (This was only a MAY.) Fixed.
Fixes #65686
Change-Id: I09ea44f90167ffa36809deb78255ed039a217b6d
Reviewed-on: https://go-review.googlesource.com/c/go/+/586655
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
This commit is contained in:
Filippo Valsorda
Gopher Robot
parent
2a85364a09
commit
245de0a13b
9 changed files with 248 additions and 60 deletions
|
|
@ -296,6 +296,8 @@ Dialing:
|
|||
|
||||
case c2 := <-localListener.ch:
|
||||
if c2.RemoteAddr().String() == c1.LocalAddr().String() {
|
||||
t.Cleanup(func() { c1.Close() })
|
||||
t.Cleanup(func() { c2.Close() })
|
||||
return c1, c2
|
||||
}
|
||||
t.Logf("localPipe: unexpected connection: %v != %v", c2.RemoteAddr(), c1.LocalAddr())
|
||||
|
|
@ -399,7 +401,7 @@ func runMain(m *testing.M) int {
|
|||
func testHandshake(t *testing.T, clientConfig, serverConfig *Config) (serverState, clientState ConnectionState, err error) {
|
||||
const sentinel = "SENTINEL\n"
|
||||
c, s := localPipe(t)
|
||||
errChan := make(chan error)
|
||||
errChan := make(chan error, 1)
|
||||
go func() {
|
||||
cli := Client(c, clientConfig)
|
||||
err := cli.Handshake()
|
||||
|
|
@ -408,7 +410,7 @@ func testHandshake(t *testing.T, clientConfig, serverConfig *Config) (serverStat
|
|||
c.Close()
|
||||
return
|
||||
}
|
||||
defer cli.Close()
|
||||
defer func() { errChan <- nil }()
|
||||
clientState = cli.ConnectionState()
|
||||
buf, err := io.ReadAll(cli)
|
||||
if err != nil {
|
||||
|
|
@ -417,7 +419,9 @@ func testHandshake(t *testing.T, clientConfig, serverConfig *Config) (serverStat
|
|||
if got := string(buf); got != sentinel {
|
||||
t.Errorf("read %q from TLS connection, but expected %q", got, sentinel)
|
||||
}
|
||||
errChan <- nil
|
||||
if err := cli.Close(); err != nil {
|
||||
t.Errorf("failed to call cli.Close: %v", err)
|
||||
}
|
||||
}()
|
||||
server := Server(s, serverConfig)
|
||||
err = server.Handshake()
|
||||
|
|
@ -429,11 +433,11 @@ func testHandshake(t *testing.T, clientConfig, serverConfig *Config) (serverStat
|
|||
if err := server.Close(); err != nil {
|
||||
t.Errorf("failed to call server.Close: %v", err)
|
||||
}
|
||||
err = <-errChan
|
||||
} else {
|
||||
err = fmt.Errorf("server: %v", err)
|
||||
s.Close()
|
||||
<-errChan
|
||||
}
|
||||
err = errors.Join(err, <-errChan)
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue