diff --git a/handshake_server_test.go b/handshake_server_test.go
index ed0248f..ccf00fe 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -385,9 +385,6 @@ type serverTest struct {
 expectedPeerCerts []string
 // config, if not nil, contains a custom Config to use for this test.
 config *Config
- // expectAlert, if true, indicates that a fatal alert should be returned
- // when handshaking with the server.
- expectAlert bool
 // expectHandshakeErrorIncluding, when not empty, contains a string
 // that must be a substring of the error resulting from the handshake.
 expectHandshakeErrorIncluding string
@@ -512,9 +509,7 @@ func (test *serverTest) run(t *testing.T, write bool) {
 if !write {
 flows, err := test.loadData()
 if err != nil {
- if !test.expectAlert {
- t.Fatalf("%s: failed to load data from %s", test.name, test.dataPath())
- }
+ t.Fatalf("%s: failed to load data from %s", test.name, test.dataPath())
 }
 for i, b := range flows {
 if i%2 == 0 {
@@ -523,17 +518,11 @@ func (test *serverTest) run(t *testing.T, write bool) {
 }
 bb := make([]byte, len(b))
 n, err := io.ReadFull(clientConn, bb)
- if test.expectAlert {
- if err == nil {
- t.Fatal("Expected read failure but read succeeded")
- }
- } else {
- if err != nil {
- t.Fatalf("%s #%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", test.name, i+1, err, n, len(bb), bb[:n], b)
- }
- if !bytes.Equal(b, bb) {
- t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i+1, bb, b)
- }
+ if err != nil {
+ t.Fatalf("%s #%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", test.name, i+1, err, n, len(bb), bb[:n], b)
+ }
+ if !bytes.Equal(b, bb) {
+ t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i+1, bb, b)
 }
 }
 clientConn.Close()
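Review bot: The `t.Fatalf` that becomes unconditional in the second hunk (in `run`, right after `test.loadData()`) reports the data path but drops `err`, so a missing or unparsable recording fails without saying why. I would change it to `t.Fatalf("%s: failed to load data from %s: %v", test.name, test.dataPath(), err)`. The body of `run` starts and ends outside the hunk.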
@@ -735,7 +724,7 @@ func TestHandshakeServerSNIGetCertificate(t *testing.T) {
 return cert, nil
 }
 test := &serverTest{
- name: "SNI",
+ name: "SNI-GetCertificate",
 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"},
 config: &config,
 }
@@ -753,7 +742,7 @@ func TestHandshakeServerSNIGetCertificateNotFound(t *testing.T) {
 return nil, nil
 }
 test := &serverTest{
- name: "SNI",
+ name: "SNI-GetCertificateNotFound",
 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"},
 config: &config,
 }
@@ -763,18 +752,20 @@ func TestHandshakeServerSNIGetCertificateNotFound(t *testing.T) {
 // TestHandshakeServerSNICertForNameError tests to make sure that errors in
 // GetCertificate result in a tls alert.
 func TestHandshakeServerSNIGetCertificateError(t *testing.T) {
- config := *testConfig
+ const errMsg = "TestHandshakeServerSNIGetCertificateError error"
 
- config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) {
- return nil, fmt.Errorf("Test error in GetCertificate")
+ serverConfig := *testConfig
+ serverConfig.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) {
+ return nil, errors.New(errMsg)
 }
- test := &serverTest{
- name: "SNI",
- command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"},
- config: &config,
- expectAlert: true,
+
+ clientHello := &clientHelloMsg{
+ vers: 0x0301,
+ cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
+ compressionMethods: []uint8{0},
+ serverName: "test",
 }
- runServerTestTLS12(t, test)
+ testClientHelloFailure(t, &serverConfig, clientHello, errMsg)
 }
 
 // TestCipherSuiteCertPreferance ensures that we select an RSA ciphersuite with
diff --git a/testdata/Server-TLSv12-SNI-GetCertificate b/testdata/Server-TLSv12-SNI-GetCertificate
new file mode 100644
index 0000000..88884ac
--- /dev/null
+++ b/testdata/Server-TLSv12-SNI-GetCertificate
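Review bot: The doc comment kept as context above `TestHandshakeServerSNIGetCertificateError` (last hunk of handshake_server_test.go) is stale in two ways. It names `TestHandshakeServerSNICertForNameError`, and it says the test checks for a TLS alert, while the new body hands `errMsg` to `testClientHelloFailure` and, as far as the hunk shows, checks the server-side error text. I would reword it to `// TestHandshakeServerSNIGetCertificateError tests that an error returned by GetCertificate fails the handshake with that error.` `testClientHelloFailure` is not visible here; if it does not read the client side of the connection, removing `expectAlert` leaves no assertion that the peer actually receives a fatal alert, which is the only behaviour a remote client observes, so that is worth confirming.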
@@ -0,0 +1,76 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 6f 01 00 00 6b 03 03 6a 01 e6 6b 95 |....o...k..j..k.| +00000010 30 a8 26 2a ba 53 dd 79 6e 54 fa 69 ee e0 23 d8 |0.&*.S.ynT.i..#.| +00000020 1c 9e 7a 9a ea 7d 13 30 c1 00 d6 00 00 04 00 2f |..z..}.0......./| +00000030 00 ff 02 01 00 00 3d 00 00 00 10 00 0e 00 00 0b |......=.........| +00000040 73 6e 69 74 65 73 74 2e 63 6f 6d 00 0d 00 20 00 |snitest.com... .| +00000050 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 |................| +00000060 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 |................| +00000070 0f 00 01 01 |....| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 03 02 00 0b 00 01 fc 00 |................| +00000040 01 f9 00 01 f6 30 82 01 f2 30 82 01 5d a0 03 02 |.....0...0..]...| +00000050 01 02 02 01 00 30 0b 06 09 2a 86 48 86 f7 0d 01 |.....0...*.H....| +00000060 01 05 30 28 31 10 30 0e 06 03 55 04 0a 13 07 41 |..0(1.0...U....A| +00000070 63 6d 65 20 43 6f 31 14 30 12 06 03 55 04 03 13 |cme Co1.0...U...| +00000080 0b 73 6e 69 74 65 73 74 2e 63 6f 6d 30 1e 17 0d |.snitest.com0...| +00000090 31 32 30 34 31 31 31 37 34 30 33 35 5a 17 0d 31 |120411174035Z..1| +000000a0 33 30 34 31 31 31 37 34 35 33 35 5a 30 28 31 10 |30411174535Z0(1.| +000000b0 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 6f |0...U....Acme Co| +000000c0 31 14 30 12 06 03 55 04 03 13 0b 73 6e 69 74 65 |1.0...U....snite| +000000d0 73 74 2e 63 6f 6d 30 81 9d 30 0b 06 09 2a 86 48 |st.com0..0...*.H| +000000e0 86 f7 0d 01 01 01 03 81 8d 00 30 81 89 02 81 81 |..........0.....| +000000f0 00 bb 79 d6 f5 17 b5 e5 bf 46 10 d0 dc 69 be e6 |..y......F...i..| +00000100 2b 07 43 5a d0 03 2d 8a 7a 43 85 b7 14 52 e7 a5 |+.CZ..-.zC...R..| +00000110 65 4c 2c 78 b8 23 8c b5 b4 82 e5 
de 1f 95 3b 7e |eL,x.#........;~| +00000120 62 a5 2c a5 33 d6 fe 12 5c 7a 56 fc f5 06 bf fa |b.,.3...\zV.....| +00000130 58 7b 26 3f b5 cd 04 d3 d0 c9 21 96 4a c7 f4 54 |X{&?......!.J..T| +00000140 9f 5a bf ef 42 71 00 fe 18 99 07 7f 7e 88 7d 7d |.Z..Bq......~.}}| +00000150 f1 04 39 c4 a2 2e db 51 c9 7c e3 c0 4c 3b 32 66 |..9....Q.|..L;2f| +00000160 01 cf af b1 1d b8 71 9a 1d db db 89 6b ae da 2d |......q.....k..-| +00000170 79 02 03 01 00 01 a3 32 30 30 30 0e 06 03 55 1d |y......2000...U.| +00000180 0f 01 01 ff 04 04 03 02 00 a0 30 0d 06 03 55 1d |..........0...U.| +00000190 0e 04 06 04 04 01 02 03 04 30 0f 06 03 55 1d 23 |.........0...U.#| +000001a0 04 08 30 06 80 04 01 02 03 04 30 0b 06 09 2a 86 |..0.......0...*.| +000001b0 48 86 f7 0d 01 01 05 03 81 81 00 89 c6 45 5f 1c |H............E_.| +000001c0 1f 5e f8 eb 1a b1 74 ee 24 39 05 9f 5c 42 59 bb |.^....t.$9..\BY.| +000001d0 1a 8d 86 cd b1 d0 56 f5 6a 71 7d a4 0e 95 ab 90 |......V.jq}.....| +000001e0 f5 9e 8d ea f6 27 c1 57 99 50 94 db 08 02 26 6e |.....'.W.P....&n| +000001f0 b3 4f c6 84 2d ea 8a 4b 68 d9 c1 38 91 03 ab 84 |.O..-..Kh..8....| +00000200 fb 9e 1f 85 d9 b5 d2 3f f2 31 2c 86 70 fb b5 40 |.......?.1,.p..@| +00000210 14 82 45 a4 eb af e2 64 d9 0c 8a 4c f4 f8 5b 0f |..E....d...L..[.| +00000220 ac 12 ac 2f c4 a3 15 4b ad 52 46 28 68 af 96 c6 |.../...K.RF(h...| +00000230 2c 65 25 d6 52 b6 e3 18 45 bd cc 16 03 03 00 04 |,e%.R...E.......| +00000240 0e 00 00 00 |....| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 03 e1 70 db fd |.............p..| +00000010 a5 69 b6 da ef 2a 3b 81 4a 2a bc 21 fb ae a2 31 |.i...*;.J*.!...1| +00000020 ac d9 34 f0 62 ff da 86 9c b1 c6 e1 cd 63 dc 42 |..4.b........c.B| +00000030 9a 72 b2 cf 6c 6a e0 f5 30 b7 7e 9e 4e a1 fe 64 |.r..lj..0.~.N..d| +00000040 f8 a3 f6 f2 d1 44 3a 82 5a 39 c1 ac 29 22 f7 90 |.....D:.Z9..)"..| +00000050 71 ee 2e 62 c1 1a 22 6f 00 7d 73 4c e4 a3 d2 9a |q..b.."o.}sL....| +00000060 a4 34 4d fb 68 8e 99 91 e3 6d 14 f2 ac 4d 36 60 
|.4M.h....m...M6`| +00000070 9b 79 26 4b ff cf 80 3b 8d 8a 04 20 86 73 bb ff |.y&K...;... .s..| +00000080 c3 99 22 04 89 0c 2c 65 a0 d6 4d 14 03 03 00 01 |.."...,e..M.....| +00000090 01 16 03 03 00 40 a9 0b 6e 2d 74 2a ae 5e c3 36 |.....@..n-t*.^.6| +000000a0 50 80 8a d0 81 b6 b4 76 56 39 c0 b6 f8 d9 d6 fb |P......vV9......| +000000b0 bb 24 2d 82 ec 9f f7 d3 4d 9d e1 78 df ea 6a 0a |.$-.....M..x..j.| +000000c0 59 e8 b2 36 31 8e 70 eb 3e e5 e9 1b 9d f3 d7 09 |Y..61.p.>.......| +000000d0 9b 80 55 b5 e4 e4 |..U...| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 a4 81 32 49 09 |.............2I.| +00000020 07 8c 05 d1 1c 18 fe ca d7 b8 7f 66 b0 42 2b 6d |...........f.B+m| +00000030 5a cc 72 01 3e 75 3c 23 a2 b7 56 64 b2 b3 0f 1d |Z.r.>u<#..Vd....| +00000040 ce a7 02 f7 88 bf 78 93 37 85 12 17 03 03 00 40 |......x.7......@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 49 b3 f9 ba be 6f df 65 cd 37 79 07 57 40 a4 30 |I....o.e.7y.W@.0| +00000070 f1 f6 d7 2e 87 d2 bd 5c f9 cf 13 c5 91 eb 0c 41 |.......\.......A| +00000080 c3 13 fb b2 de 0c 59 a9 1e e4 d5 b2 ea 4f 88 df |......Y......O..| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 b2 e1 cb 94 94 30 e1 da 42 ea df |..........0..B..| +000000b0 fc 8d 54 8d b2 d9 3b 33 4e 53 98 e9 14 e3 c1 d9 |..T...;3NS......| +000000c0 de b8 e5 51 ca |...Q.| diff --git a/testdata/Server-TLSv12-SNI-GetCertificateNotFound b/testdata/Server-TLSv12-SNI-GetCertificateNotFound new file mode 100644 index 0000000..ebd284b --- /dev/null +++ b/testdata/Server-TLSv12-SNI-GetCertificateNotFound 
@@ -0,0 +1,76 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 6f 01 00 00 6b 03 03 3d 70 50 1f cc |....o...k..=pP..| +00000010 5b 7a b5 67 c2 fc e8 65 a9 3d 7c 2a 93 ef 0d 41 |[z.g...e.=|*...A| +00000020 a1 7d 78 a8 af 7d 70 af ce 1b 0e 00 00 04 00 2f |.}x..}p......../| +00000030 00 ff 02 01 00 00 3d 00 00 00 10 00 0e 00 00 0b |......=.........| +00000040 73 6e 69 74 65 73 74 2e 63 6f 6d 00 0d 00 20 00 |snitest.com... .| +00000050 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 |................| +00000060 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 |................| +00000070 0f 00 01 01 |....| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 03 02 00 0b 00 01 fc 00 |................| +00000040 01 f9 00 01 f6 30 82 01 f2 30 82 01 5d a0 03 02 |.....0...0..]...| +00000050 01 02 02 01 00 30 0b 06 09 2a 86 48 86 f7 0d 01 |.....0...*.H....| +00000060 01 05 30 28 31 10 30 0e 06 03 55 04 0a 13 07 41 |..0(1.0...U....A| +00000070 63 6d 65 20 43 6f 31 14 30 12 06 03 55 04 03 13 |cme Co1.0...U...| +00000080 0b 73 6e 69 74 65 73 74 2e 63 6f 6d 30 1e 17 0d |.snitest.com0...| +00000090 31 32 30 34 31 31 31 37 34 30 33 35 5a 17 0d 31 |120411174035Z..1| +000000a0 33 30 34 31 31 31 37 34 35 33 35 5a 30 28 31 10 |30411174535Z0(1.| +000000b0 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 6f |0...U....Acme Co| +000000c0 31 14 30 12 06 03 55 04 03 13 0b 73 6e 69 74 65 |1.0...U....snite| +000000d0 73 74 2e 63 6f 6d 30 81 9d 30 0b 06 09 2a 86 48 |st.com0..0...*.H| +000000e0 86 f7 0d 01 01 01 03 81 8d 00 30 81 89 02 81 81 |..........0.....| +000000f0 00 bb 79 d6 f5 17 b5 e5 bf 46 10 d0 dc 69 be e6 |..y......F...i..| +00000100 2b 07 43 5a d0 03 2d 8a 7a 43 85 b7 14 52 e7 a5 |+.CZ..-.zC...R..| +00000110 65 4c 2c 78 b8 23 8c b5 b4 82 e5 
de 1f 95 3b 7e |eL,x.#........;~| +00000120 62 a5 2c a5 33 d6 fe 12 5c 7a 56 fc f5 06 bf fa |b.,.3...\zV.....| +00000130 58 7b 26 3f b5 cd 04 d3 d0 c9 21 96 4a c7 f4 54 |X{&?......!.J..T| +00000140 9f 5a bf ef 42 71 00 fe 18 99 07 7f 7e 88 7d 7d |.Z..Bq......~.}}| +00000150 f1 04 39 c4 a2 2e db 51 c9 7c e3 c0 4c 3b 32 66 |..9....Q.|..L;2f| +00000160 01 cf af b1 1d b8 71 9a 1d db db 89 6b ae da 2d |......q.....k..-| +00000170 79 02 03 01 00 01 a3 32 30 30 30 0e 06 03 55 1d |y......2000...U.| +00000180 0f 01 01 ff 04 04 03 02 00 a0 30 0d 06 03 55 1d |..........0...U.| +00000190 0e 04 06 04 04 01 02 03 04 30 0f 06 03 55 1d 23 |.........0...U.#| +000001a0 04 08 30 06 80 04 01 02 03 04 30 0b 06 09 2a 86 |..0.......0...*.| +000001b0 48 86 f7 0d 01 01 05 03 81 81 00 89 c6 45 5f 1c |H............E_.| +000001c0 1f 5e f8 eb 1a b1 74 ee 24 39 05 9f 5c 42 59 bb |.^....t.$9..\BY.| +000001d0 1a 8d 86 cd b1 d0 56 f5 6a 71 7d a4 0e 95 ab 90 |......V.jq}.....| +000001e0 f5 9e 8d ea f6 27 c1 57 99 50 94 db 08 02 26 6e |.....'.W.P....&n| +000001f0 b3 4f c6 84 2d ea 8a 4b 68 d9 c1 38 91 03 ab 84 |.O..-..Kh..8....| +00000200 fb 9e 1f 85 d9 b5 d2 3f f2 31 2c 86 70 fb b5 40 |.......?.1,.p..@| +00000210 14 82 45 a4 eb af e2 64 d9 0c 8a 4c f4 f8 5b 0f |..E....d...L..[.| +00000220 ac 12 ac 2f c4 a3 15 4b ad 52 46 28 68 af 96 c6 |.../...K.RF(h...| +00000230 2c 65 25 d6 52 b6 e3 18 45 bd cc 16 03 03 00 04 |,e%.R...E.......| +00000240 0e 00 00 00 |....| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 1c 6d 66 c4 c1 |............mf..| +00000010 92 07 67 6c f7 54 32 70 31 53 89 8d 60 29 d8 df |..gl.T2p1S..`)..| +00000020 8b b9 62 a0 3c 79 e3 67 45 e9 6d 6e f5 9b cd 18 |..b.>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 88 5b 91 f7 4e |............[..N| +00000020 07 30 30 98 88 5c de 79 e0 63 1a 91 17 3a 2f bf |.00..\.y.c...:/.| +00000030 8b 6b 61 f9 56 d7 43 bf 87 42 34 
f3 09 b1 5e 67 |.ka.V.C..B4...^g| +00000040 a2 33 0d 15 b8 7d c5 a8 35 50 4f 17 03 03 00 40 |.3...}..5PO....@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 50 27 94 e0 5a da 24 8f b2 d3 f3 f6 a4 1e f6 ac |P'..Z.$.........| +00000070 b9 2a 48 85 41 f7 84 4c 1e f4 ca aa 90 1f f8 1b |.*H.A..L........| +00000080 2f 53 01 2b 5e 48 82 ab f0 70 ad 4b 8f 5d bd 27 |/S.+^H...p.K.].'| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 5c 38 ba 1e 5a 18 9a a0 31 aa 98 |.....\8..Z...1..| +000000b0 68 3e ba 01 42 ee b7 78 1a ed 56 f8 b6 49 a7 4c |h>..B..x..V..I.L| +000000c0 e1 8d dd 1c 9c |.....|