From 6c08cae23bb83a5a41cf45d05dd8710d1b61ce3c Mon Sep 17 00:00:00 2001 From: Clide Stefani Date: Wed, 26 Jun 2024 16:29:01 -0400 Subject: [PATCH] crypto/tls: add exclude tls flags to bogo_shim_test The existing implementation of bogo_shim_test does not support tests that use the -no-tls1, -no-tls11, or -no-tls12 flags. This change adds support for these flags. Updates #51434 Change-Id: I43eaea9f5ec6da6811b150630a7dde24d108017e Reviewed-on: https://go-review.googlesource.com/c/go/+/595775 Auto-Submit: Roland Shoemaker Reviewed-by: Russell Webb LUCI-TryBot-Result: Go LUCI Reviewed-by: Cherry Mui Reviewed-by: Roland Shoemaker --- bogo_shim_test.go | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/bogo_shim_test.go b/bogo_shim_test.go index f481a5a..ce01852 100644 --- a/bogo_shim_test.go +++ b/bogo_shim_test.go @@ -37,6 +37,9 @@ var ( maxVersion = flag.Int("max-version", VersionTLS13, "") expectVersion = flag.Int("expect-version", 0, "") + noTLS1 = flag.Bool("no-tls1", false, "") + noTLS11 = flag.Bool("no-tls11", false, "") + noTLS12 = flag.Bool("no-tls12", false, "") noTLS13 = flag.Bool("no-tls13", false, "") requireAnyClientCertificate = flag.Bool("require-any-client-certificate", false, "") @@ -116,8 +119,29 @@ func bogoShim() { ClientSessionCache: NewLRUClientSessionCache(0), } - if *noTLS13 && cfg.MaxVersion == VersionTLS13 { + + if *noTLS1 { + cfg.MinVersion = VersionTLS11 + if *noTLS11 { + cfg.MinVersion = VersionTLS12 + if *noTLS12 { + cfg.MinVersion = VersionTLS13 + if *noTLS13 { + log.Fatalf("no supported versions enabled") + } + } + } + } else if *noTLS13 { cfg.MaxVersion = VersionTLS12 + if *noTLS12 { + cfg.MaxVersion = VersionTLS11 + if *noTLS11 { + cfg.MaxVersion = VersionTLS10 + if *noTLS1 { + log.Fatalf("no supported versions enabled") + } + } + } } if *advertiseALPN != "" {