mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: make TLS 1.3 opt-in

Browse source 
Updates #30055

Change-Id: If68615c8e9daa4226125dcc6a6866f29f3cfeef1
Reviewed-on: https://go-review.googlesource.com/c/160997
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
This commit is contained in:
Filippo Valsorda 2019-02-05 15:29:02 -05:00
parent 034cff773b
commit 6fa53d1012
2 changed files with 86 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

49
tls_test.go
View file

@ -18,10 +18,18 @@ import (
"os"
"reflect"
"strings"
"sync"
"testing"
"time"
)
func init() {
// TLS 1.3 is opt-in for Go 1.12, but we want to run most tests with it enabled.
// TestTLS13Switch below tests the disabled behavior. See Issue 30055.
tls13Support.Do(func() {}) // defuse the sync.Once
tls13Support.cached = true
}
var rsaCertPEM = `-----BEGIN CERTIFICATE-----
MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
@ -1076,18 +1084,47 @@ func TestEscapeRoute(t *testing.T) {
VersionSSL30,
}
ss, cs, err := testHandshake(t, testConfig, testConfig)
expectVersion(t, testConfig, testConfig, VersionTLS12)
}
func expectVersion(t *testing.T, clientConfig, serverConfig *Config, v uint16) {
ss, cs, err := testHandshake(t, clientConfig, serverConfig)
if err != nil {
t.Fatalf("Handshake failed when support for TLS 1.3 was dropped: %v", err)
t.Fatalf("Handshake failed: %v", err)
}
if ss.Version != VersionTLS12 {
t.Errorf("Server negotiated version %x, expected %x", cs.Version, VersionTLS12)
if ss.Version != v {
t.Errorf("Server negotiated version %x, expected %x", cs.Version, v)
}
if cs.Version != VersionTLS12 {
t.Errorf("Client negotiated version %x, expected %x", cs.Version, VersionTLS12)
if cs.Version != v {
t.Errorf("Client negotiated version %x, expected %x", cs.Version, v)
}
}
// TestTLS13Switch checks the behavior of GODEBUG=tls13=[0|1]. See Issue 30055.
func TestTLS13Switch(t *testing.T) {
defer func(savedGODEBUG string) {
os.Setenv("GODEBUG", savedGODEBUG)
}(os.Getenv("GODEBUG"))
os.Setenv("GODEBUG", "tls13=0")
tls13Support.Once = sync.Once{} // reset the cache
tls12Config := testConfig.Clone()
tls12Config.MaxVersion = VersionTLS12
expectVersion(t, testConfig, testConfig, VersionTLS12)
expectVersion(t, tls12Config, testConfig, VersionTLS12)
expectVersion(t, testConfig, tls12Config, VersionTLS12)
expectVersion(t, tls12Config, tls12Config, VersionTLS12)
os.Setenv("GODEBUG", "tls13=1")
tls13Support.Once = sync.Once{} // reset the cache
expectVersion(t, testConfig, testConfig, VersionTLS13)
expectVersion(t, tls12Config, testConfig, VersionTLS12)
expectVersion(t, testConfig, tls12Config, VersionTLS12)
expectVersion(t, tls12Config, tls12Config, VersionTLS12)
}
// Issue 28744: Ensure that we don't modify memory
// that Config doesn't own such as Certificates.
func TestBuildNameToCertificate_doesntModifyCertificates(t *testing.T) {