4 changed files with 28 additions and 28 deletions
Unified View
Diff Options
-
+1 -1example_test.go
-
+1 -1handshake_client_test.go
-
+18 -18handshake_messages.go
-
+8 -8handshake_server_test.go
+ 1
- 1
example_test.go
View File
| @@ -81,7 +81,7 @@ func ExampleConfig_keyLogWriter_TLS12() { | |||||
| // reproducible. | // reproducible. | ||||
| server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})) | server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})) | ||||
| server.TLS = &tls.Config{ | server.TLS = &tls.Config{ | ||||
| Rand: zeroSource{}, // for example only; don't do this. | |||||
| Rand: zeroSource{}, // for example only; don't do this. | |||||
| MaxVersion: tls.VersionTLS12, | MaxVersion: tls.VersionTLS12, | ||||
| } | } | ||||
| server.StartTLS() | server.StartTLS() | ||||
+ 1
- 1
handshake_client_test.go
View File
| @@ -681,7 +681,7 @@ func TestClientResumption(t *testing.T) { | |||||
| ClientSessionCache: NewLRUClientSessionCache(32), | ClientSessionCache: NewLRUClientSessionCache(32), | ||||
| RootCAs: rootCAs, | RootCAs: rootCAs, | ||||
| ServerName: "example.golang", | ServerName: "example.golang", | ||||
| MaxVersion: VersionTLS12, // Enforce TLSv1.2 | |||||
| MaxVersion: VersionTLS12, // Enforce TLSv1.2 | |||||
| } | } | ||||
| testResumeState := func(test string, didResume bool) { | testResumeState := func(test string, didResume bool) { | ||||
+ 18
- 18
handshake_messages.go
View File
| @@ -41,24 +41,24 @@ type clientHelloMsg struct { | |||||
| // Marshalling of signature_algorithms extension see https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | // Marshalling of signature_algorithms extension see https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | ||||
| // for more details. Extension is serialized in data buffer | // for more details. Extension is serialized in data buffer | ||||
| // Function advances data slice and returns it, so that it can be used for further processing | // Function advances data slice and returns it, so that it can be used for further processing | ||||
| func marshallExtensionSignatureAlgorithms(data []byte, sigSchemes []SignatureScheme) ([]byte) { | |||||
| data[0] = byte(extensionSignatureAlgorithms >> 8) | |||||
| data[1] = byte(extensionSignatureAlgorithms) | |||||
| l := 2 + 2*len(sigSchemes) | |||||
| data[2] = byte(l >> 8) | |||||
| data[3] = byte(l) | |||||
| data = data[4:] | |||||
| l -= 2 | |||||
| data[0] = byte(l >> 8) | |||||
| data[1] = byte(l) | |||||
| data = data[2:] | |||||
| for _, sigAlgo := range sigSchemes { | |||||
| data[0] = byte(sigAlgo >> 8) | |||||
| data[1] = byte(sigAlgo) | |||||
| data = data[2:] | |||||
| } | |||||
| return data | |||||
| func marshallExtensionSignatureAlgorithms(data []byte, sigSchemes []SignatureScheme) []byte { | |||||
| data[0] = byte(extensionSignatureAlgorithms >> 8) | |||||
| data[1] = byte(extensionSignatureAlgorithms) | |||||
| l := 2 + 2*len(sigSchemes) | |||||
| data[2] = byte(l >> 8) | |||||
| data[3] = byte(l) | |||||
| data = data[4:] | |||||
| l -= 2 | |||||
| data[0] = byte(l >> 8) | |||||
| data[1] = byte(l) | |||||
| data = data[2:] | |||||
| for _, sigAlgo := range sigSchemes { | |||||
| data[0] = byte(sigAlgo >> 8) | |||||
| data[1] = byte(sigAlgo) | |||||
| data = data[2:] | |||||
| } | |||||
| return data | |||||
| } | } | ||||
| // Unmrshalling of signature_algorithms extension see https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | // Unmrshalling of signature_algorithms extension see https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | ||||
+ 8
- 8
handshake_server_test.go
View File
| @@ -197,9 +197,9 @@ func TestDontSelectRSAWithECDSAKey(t *testing.T) { | |||||
| func TestRenegotiationExtension(t *testing.T) { | func TestRenegotiationExtension(t *testing.T) { | ||||
| clientHello := &clientHelloMsg{ | clientHello := &clientHelloMsg{ | ||||
| vers: VersionTLS12, | |||||
| compressionMethods: []uint8{compressionNone}, | |||||
| random: make([]byte, 32), | |||||
| vers: VersionTLS12, | |||||
| compressionMethods: []uint8{compressionNone}, | |||||
| random: make([]byte, 32), | |||||
| secureRenegotiationSupported: true, | secureRenegotiationSupported: true, | ||||
| cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, | cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, | ||||
| } | } | ||||
| @@ -344,7 +344,7 @@ func TestVersion(t *testing.T) { | |||||
| } | } | ||||
| clientConfig := &Config{ | clientConfig := &Config{ | ||||
| InsecureSkipVerify: true, | InsecureSkipVerify: true, | ||||
| MinVersion: VersionTLS10, | |||||
| MinVersion: VersionTLS10, | |||||
| } | } | ||||
| state, _, err := testHandshake(clientConfig, serverConfig) | state, _, err := testHandshake(clientConfig, serverConfig) | ||||
| if err != nil { | if err != nil { | ||||
| @@ -365,7 +365,7 @@ func TestCipherSuitePreference(t *testing.T) { | |||||
| clientConfig := &Config{ | clientConfig := &Config{ | ||||
| CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA}, | CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA}, | ||||
| InsecureSkipVerify: true, | InsecureSkipVerify: true, | ||||
| MinVersion: VersionTLS10, | |||||
| MinVersion: VersionTLS10, | |||||
| } | } | ||||
| state, _, err := testHandshake(clientConfig, serverConfig) | state, _, err := testHandshake(clientConfig, serverConfig) | ||||
| if err != nil { | if err != nil { | ||||
| @@ -426,7 +426,7 @@ func TestCrossVersionResume(t *testing.T) { | |||||
| InsecureSkipVerify: true, | InsecureSkipVerify: true, | ||||
| ClientSessionCache: NewLRUClientSessionCache(1), | ClientSessionCache: NewLRUClientSessionCache(1), | ||||
| ServerName: "servername", | ServerName: "servername", | ||||
| MinVersion: VersionTLS10, | |||||
| MinVersion: VersionTLS10, | |||||
| } | } | ||||
| // Establish a session at TLS 1.1. | // Establish a session at TLS 1.1. | ||||
| @@ -998,13 +998,13 @@ func TestResumptionDisabled(t *testing.T) { | |||||
| func TestFallbackSCSV(t *testing.T) { | func TestFallbackSCSV(t *testing.T) { | ||||
| serverConfig := Config{ | serverConfig := Config{ | ||||
| Certificates: testConfig.Certificates, | Certificates: testConfig.Certificates, | ||||
| MinVersion: VersionTLS10, | |||||
| MinVersion: VersionTLS10, | |||||
| } | } | ||||
| test := &serverTest{ | test := &serverTest{ | ||||
| name: "FallbackSCSV", | name: "FallbackSCSV", | ||||
| config: &serverConfig, | config: &serverConfig, | ||||
| // OpenSSL 1.0.1j is needed for the -fallback_scsv option. | // OpenSSL 1.0.1j is needed for the -fallback_scsv option. | ||||
| command: []string{"openssl", "s_client", "-fallback_scsv"}, | |||||
| command: []string{"openssl", "s_client", "-fallback_scsv"}, | |||||
| expectHandshakeErrorIncluding: "inappropriate protocol fallback", | expectHandshakeErrorIncluding: "inappropriate protocol fallback", | ||||
| } | } | ||||
| runServerTestTLS11(t, test) | runServerTestTLS11(t, test) | ||||