- Multiple GetCertificate tests shared the same name and were overwriting each other, each test now has a unique name. - expectAlert was not implemented in the data updater, the single test that used it has been replaced with a ClientHello failure test. Fixes #10470 Change-Id: I500738f6302ffa863d7ee45d85fa8773155e0614 Reviewed-on: https://go-review.googlesource.com/8959 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org>tls13
@@ -385,9 +385,6 @@ type serverTest struct { | |||
expectedPeerCerts []string | |||
// config, if not nil, contains a custom Config to use for this test. | |||
config *Config | |||
// expectAlert, if true, indicates that a fatal alert should be returned | |||
// when handshaking with the server. | |||
expectAlert bool | |||
// expectHandshakeErrorIncluding, when not empty, contains a string | |||
// that must be a substring of the error resulting from the handshake. | |||
expectHandshakeErrorIncluding string | |||
@@ -512,9 +509,7 @@ func (test *serverTest) run(t *testing.T, write bool) { | |||
if !write { | |||
flows, err := test.loadData() | |||
if err != nil { | |||
if !test.expectAlert { | |||
t.Fatalf("%s: failed to load data from %s", test.name, test.dataPath()) | |||
} | |||
t.Fatalf("%s: failed to load data from %s", test.name, test.dataPath()) | |||
} | |||
for i, b := range flows { | |||
if i%2 == 0 { | |||
@@ -523,17 +518,11 @@ func (test *serverTest) run(t *testing.T, write bool) { | |||
} | |||
bb := make([]byte, len(b)) | |||
n, err := io.ReadFull(clientConn, bb) | |||
if test.expectAlert { | |||
if err == nil { | |||
t.Fatal("Expected read failure but read succeeded") | |||
} | |||
} else { | |||
if err != nil { | |||
t.Fatalf("%s #%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", test.name, i+1, err, n, len(bb), bb[:n], b) | |||
} | |||
if !bytes.Equal(b, bb) { | |||
t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i+1, bb, b) | |||
} | |||
if err != nil { | |||
t.Fatalf("%s #%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", test.name, i+1, err, n, len(bb), bb[:n], b) | |||
} | |||
if !bytes.Equal(b, bb) { | |||
t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i+1, bb, b) | |||
} | |||
} | |||
clientConn.Close() | |||
@@ -735,7 +724,7 @@ func TestHandshakeServerSNIGetCertificate(t *testing.T) { | |||
return cert, nil | |||
} | |||
test := &serverTest{ | |||
name: "SNI", | |||
name: "SNI-GetCertificate", | |||
command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"}, | |||
config: &config, | |||
} | |||
@@ -753,7 +742,7 @@ func TestHandshakeServerSNIGetCertificateNotFound(t *testing.T) { | |||
return nil, nil | |||
} | |||
test := &serverTest{ | |||
name: "SNI", | |||
name: "SNI-GetCertificateNotFound", | |||
command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"}, | |||
config: &config, | |||
} | |||
@@ -763,18 +752,20 @@ func TestHandshakeServerSNIGetCertificateNotFound(t *testing.T) { | |||
// TestHandshakeServerSNICertForNameError tests to make sure that errors in | |||
// GetCertificate result in a tls alert. | |||
func TestHandshakeServerSNIGetCertificateError(t *testing.T) { | |||
config := *testConfig | |||
const errMsg = "TestHandshakeServerSNIGetCertificateError error" | |||
config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { | |||
return nil, fmt.Errorf("Test error in GetCertificate") | |||
serverConfig := *testConfig | |||
serverConfig.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { | |||
return nil, errors.New(errMsg) | |||
} | |||
test := &serverTest{ | |||
name: "SNI", | |||
command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"}, | |||
config: &config, | |||
expectAlert: true, | |||
clientHello := &clientHelloMsg{ | |||
vers: 0x0301, | |||
cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, | |||
compressionMethods: []uint8{0}, | |||
serverName: "test", | |||
} | |||
runServerTestTLS12(t, test) | |||
testClientHelloFailure(t, &serverConfig, clientHello, errMsg) | |||
} | |||
// TestCipherSuiteCertPreferance ensures that we select an RSA ciphersuite with | |||
@@ -0,0 +1,76 @@ | |||
>>> Flow 1 (client to server) | |||
00000000 16 03 01 00 6f 01 00 00 6b 03 03 6a 01 e6 6b 95 |....o...k..j..k.| | |||
00000010 30 a8 26 2a ba 53 dd 79 6e 54 fa 69 ee e0 23 d8 |0.&*.S.ynT.i..#.| | |||
00000020 1c 9e 7a 9a ea 7d 13 30 c1 00 d6 00 00 04 00 2f |..z..}.0......./| | |||
00000030 00 ff 02 01 00 00 3d 00 00 00 10 00 0e 00 00 0b |......=.........| | |||
00000040 73 6e 69 74 65 73 74 2e 63 6f 6d 00 0d 00 20 00 |snitest.com... .| | |||
00000050 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 |................| | |||
00000060 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 |................| | |||
00000070 0f 00 01 01 |....| | |||
>>> Flow 2 (server to client) | |||
00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| | |||
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| | |||
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| | |||
00000030 05 ff 01 00 01 00 16 03 03 02 00 0b 00 01 fc 00 |................| | |||
00000040 01 f9 00 01 f6 30 82 01 f2 30 82 01 5d a0 03 02 |.....0...0..]...| | |||
00000050 01 02 02 01 00 30 0b 06 09 2a 86 48 86 f7 0d 01 |.....0...*.H....| | |||
00000060 01 05 30 28 31 10 30 0e 06 03 55 04 0a 13 07 41 |..0(1.0...U....A| | |||
00000070 63 6d 65 20 43 6f 31 14 30 12 06 03 55 04 03 13 |cme Co1.0...U...| | |||
00000080 0b 73 6e 69 74 65 73 74 2e 63 6f 6d 30 1e 17 0d |.snitest.com0...| | |||
00000090 31 32 30 34 31 31 31 37 34 30 33 35 5a 17 0d 31 |120411174035Z..1| | |||
000000a0 33 30 34 31 31 31 37 34 35 33 35 5a 30 28 31 10 |30411174535Z0(1.| | |||
000000b0 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 6f |0...U....Acme Co| | |||
000000c0 31 14 30 12 06 03 55 04 03 13 0b 73 6e 69 74 65 |1.0...U....snite| | |||
000000d0 73 74 2e 63 6f 6d 30 81 9d 30 0b 06 09 2a 86 48 |st.com0..0...*.H| | |||
000000e0 86 f7 0d 01 01 01 03 81 8d 00 30 81 89 02 81 81 |..........0.....| | |||
000000f0 00 bb 79 d6 f5 17 b5 e5 bf 46 10 d0 dc 69 be e6 |..y......F...i..| | |||
00000100 2b 07 43 5a d0 03 2d 8a 7a 43 85 b7 14 52 e7 a5 |+.CZ..-.zC...R..| | |||
00000110 65 4c 2c 78 b8 23 8c b5 b4 82 e5 de 1f 95 3b 7e |eL,x.#........;~| | |||
00000120 62 a5 2c a5 33 d6 fe 12 5c 7a 56 fc f5 06 bf fa |b.,.3...\zV.....| | |||
00000130 58 7b 26 3f b5 cd 04 d3 d0 c9 21 96 4a c7 f4 54 |X{&?......!.J..T| | |||
00000140 9f 5a bf ef 42 71 00 fe 18 99 07 7f 7e 88 7d 7d |.Z..Bq......~.}}| | |||
00000150 f1 04 39 c4 a2 2e db 51 c9 7c e3 c0 4c 3b 32 66 |..9....Q.|..L;2f| | |||
00000160 01 cf af b1 1d b8 71 9a 1d db db 89 6b ae da 2d |......q.....k..-| | |||
00000170 79 02 03 01 00 01 a3 32 30 30 30 0e 06 03 55 1d |y......2000...U.| | |||
00000180 0f 01 01 ff 04 04 03 02 00 a0 30 0d 06 03 55 1d |..........0...U.| | |||
00000190 0e 04 06 04 04 01 02 03 04 30 0f 06 03 55 1d 23 |.........0...U.#| | |||
000001a0 04 08 30 06 80 04 01 02 03 04 30 0b 06 09 2a 86 |..0.......0...*.| | |||
000001b0 48 86 f7 0d 01 01 05 03 81 81 00 89 c6 45 5f 1c |H............E_.| | |||
000001c0 1f 5e f8 eb 1a b1 74 ee 24 39 05 9f 5c 42 59 bb |.^....t.$9..\BY.| | |||
000001d0 1a 8d 86 cd b1 d0 56 f5 6a 71 7d a4 0e 95 ab 90 |......V.jq}.....| | |||
000001e0 f5 9e 8d ea f6 27 c1 57 99 50 94 db 08 02 26 6e |.....'.W.P....&n| | |||
000001f0 b3 4f c6 84 2d ea 8a 4b 68 d9 c1 38 91 03 ab 84 |.O..-..Kh..8....| | |||
00000200 fb 9e 1f 85 d9 b5 d2 3f f2 31 2c 86 70 fb b5 40 |.......?.1,.p..@| | |||
00000210 14 82 45 a4 eb af e2 64 d9 0c 8a 4c f4 f8 5b 0f |..E....d...L..[.| | |||
00000220 ac 12 ac 2f c4 a3 15 4b ad 52 46 28 68 af 96 c6 |.../...K.RF(h...| | |||
00000230 2c 65 25 d6 52 b6 e3 18 45 bd cc 16 03 03 00 04 |,e%.R...E.......| | |||
00000240 0e 00 00 00 |....| | |||
>>> Flow 3 (client to server) | |||
00000000 16 03 03 00 86 10 00 00 82 00 80 03 e1 70 db fd |.............p..| | |||
00000010 a5 69 b6 da ef 2a 3b 81 4a 2a bc 21 fb ae a2 31 |.i...*;.J*.!...1| | |||
00000020 ac d9 34 f0 62 ff da 86 9c b1 c6 e1 cd 63 dc 42 |..4.b........c.B| | |||
00000030 9a 72 b2 cf 6c 6a e0 f5 30 b7 7e 9e 4e a1 fe 64 |.r..lj..0.~.N..d| | |||
00000040 f8 a3 f6 f2 d1 44 3a 82 5a 39 c1 ac 29 22 f7 90 |.....D:.Z9..)"..| | |||
00000050 71 ee 2e 62 c1 1a 22 6f 00 7d 73 4c e4 a3 d2 9a |q..b.."o.}sL....| | |||
00000060 a4 34 4d fb 68 8e 99 91 e3 6d 14 f2 ac 4d 36 60 |.4M.h....m...M6`| | |||
00000070 9b 79 26 4b ff cf 80 3b 8d 8a 04 20 86 73 bb ff |.y&K...;... .s..| | |||
00000080 c3 99 22 04 89 0c 2c 65 a0 d6 4d 14 03 03 00 01 |.."...,e..M.....| | |||
00000090 01 16 03 03 00 40 a9 0b 6e 2d 74 2a ae 5e c3 36 |.....@..n-t*.^.6| | |||
000000a0 50 80 8a d0 81 b6 b4 76 56 39 c0 b6 f8 d9 d6 fb |P......vV9......| | |||
000000b0 bb 24 2d 82 ec 9f f7 d3 4d 9d e1 78 df ea 6a 0a |.$-.....M..x..j.| | |||
000000c0 59 e8 b2 36 31 8e 70 eb 3e e5 e9 1b 9d f3 d7 09 |Y..61.p.>.......| | |||
000000d0 9b 80 55 b5 e4 e4 |..U...| | |||
>>> Flow 4 (server to client) | |||
00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| | |||
00000010 00 00 00 00 00 00 00 00 00 00 00 a4 81 32 49 09 |.............2I.| | |||
00000020 07 8c 05 d1 1c 18 fe ca d7 b8 7f 66 b0 42 2b 6d |...........f.B+m| | |||
00000030 5a cc 72 01 3e 75 3c 23 a2 b7 56 64 b2 b3 0f 1d |Z.r.>u<#..Vd....| | |||
00000040 ce a7 02 f7 88 bf 78 93 37 85 12 17 03 03 00 40 |......x.7......@| | |||
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| | |||
00000060 49 b3 f9 ba be 6f df 65 cd 37 79 07 57 40 a4 30 |I....o.e.7y.W@.0| | |||
00000070 f1 f6 d7 2e 87 d2 bd 5c f9 cf 13 c5 91 eb 0c 41 |.......\.......A| | |||
00000080 c3 13 fb b2 de 0c 59 a9 1e e4 d5 b2 ea 4f 88 df |......Y......O..| | |||
00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| | |||
000000a0 00 00 00 00 00 b2 e1 cb 94 94 30 e1 da 42 ea df |..........0..B..| | |||
000000b0 fc 8d 54 8d b2 d9 3b 33 4e 53 98 e9 14 e3 c1 d9 |..T...;3NS......| | |||
000000c0 de b8 e5 51 ca |...Q.| |
@@ -0,0 +1,76 @@ | |||
>>> Flow 1 (client to server) | |||
00000000 16 03 01 00 6f 01 00 00 6b 03 03 3d 70 50 1f cc |....o...k..=pP..| | |||
00000010 5b 7a b5 67 c2 fc e8 65 a9 3d 7c 2a 93 ef 0d 41 |[z.g...e.=|*...A| | |||
00000020 a1 7d 78 a8 af 7d 70 af ce 1b 0e 00 00 04 00 2f |.}x..}p......../| | |||
00000030 00 ff 02 01 00 00 3d 00 00 00 10 00 0e 00 00 0b |......=.........| | |||
00000040 73 6e 69 74 65 73 74 2e 63 6f 6d 00 0d 00 20 00 |snitest.com... .| | |||
00000050 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 |................| | |||
00000060 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 |................| | |||
00000070 0f 00 01 01 |....| | |||
>>> Flow 2 (server to client) | |||
00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| | |||
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| | |||
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| | |||
00000030 05 ff 01 00 01 00 16 03 03 02 00 0b 00 01 fc 00 |................| | |||
00000040 01 f9 00 01 f6 30 82 01 f2 30 82 01 5d a0 03 02 |.....0...0..]...| | |||
00000050 01 02 02 01 00 30 0b 06 09 2a 86 48 86 f7 0d 01 |.....0...*.H....| | |||
00000060 01 05 30 28 31 10 30 0e 06 03 55 04 0a 13 07 41 |..0(1.0...U....A| | |||
00000070 63 6d 65 20 43 6f 31 14 30 12 06 03 55 04 03 13 |cme Co1.0...U...| | |||
00000080 0b 73 6e 69 74 65 73 74 2e 63 6f 6d 30 1e 17 0d |.snitest.com0...| | |||
00000090 31 32 30 34 31 31 31 37 34 30 33 35 5a 17 0d 31 |120411174035Z..1| | |||
000000a0 33 30 34 31 31 31 37 34 35 33 35 5a 30 28 31 10 |30411174535Z0(1.| | |||
000000b0 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 6f |0...U....Acme Co| | |||
000000c0 31 14 30 12 06 03 55 04 03 13 0b 73 6e 69 74 65 |1.0...U....snite| | |||
000000d0 73 74 2e 63 6f 6d 30 81 9d 30 0b 06 09 2a 86 48 |st.com0..0...*.H| | |||
000000e0 86 f7 0d 01 01 01 03 81 8d 00 30 81 89 02 81 81 |..........0.....| | |||
000000f0 00 bb 79 d6 f5 17 b5 e5 bf 46 10 d0 dc 69 be e6 |..y......F...i..| | |||
00000100 2b 07 43 5a d0 03 2d 8a 7a 43 85 b7 14 52 e7 a5 |+.CZ..-.zC...R..| | |||
00000110 65 4c 2c 78 b8 23 8c b5 b4 82 e5 de 1f 95 3b 7e |eL,x.#........;~| | |||
00000120 62 a5 2c a5 33 d6 fe 12 5c 7a 56 fc f5 06 bf fa |b.,.3...\zV.....| | |||
00000130 58 7b 26 3f b5 cd 04 d3 d0 c9 21 96 4a c7 f4 54 |X{&?......!.J..T| | |||
00000140 9f 5a bf ef 42 71 00 fe 18 99 07 7f 7e 88 7d 7d |.Z..Bq......~.}}| | |||
00000150 f1 04 39 c4 a2 2e db 51 c9 7c e3 c0 4c 3b 32 66 |..9....Q.|..L;2f| | |||
00000160 01 cf af b1 1d b8 71 9a 1d db db 89 6b ae da 2d |......q.....k..-| | |||
00000170 79 02 03 01 00 01 a3 32 30 30 30 0e 06 03 55 1d |y......2000...U.| | |||
00000180 0f 01 01 ff 04 04 03 02 00 a0 30 0d 06 03 55 1d |..........0...U.| | |||
00000190 0e 04 06 04 04 01 02 03 04 30 0f 06 03 55 1d 23 |.........0...U.#| | |||
000001a0 04 08 30 06 80 04 01 02 03 04 30 0b 06 09 2a 86 |..0.......0...*.| | |||
000001b0 48 86 f7 0d 01 01 05 03 81 81 00 89 c6 45 5f 1c |H............E_.| | |||
000001c0 1f 5e f8 eb 1a b1 74 ee 24 39 05 9f 5c 42 59 bb |.^....t.$9..\BY.| | |||
000001d0 1a 8d 86 cd b1 d0 56 f5 6a 71 7d a4 0e 95 ab 90 |......V.jq}.....| | |||
000001e0 f5 9e 8d ea f6 27 c1 57 99 50 94 db 08 02 26 6e |.....'.W.P....&n| | |||
000001f0 b3 4f c6 84 2d ea 8a 4b 68 d9 c1 38 91 03 ab 84 |.O..-..Kh..8....| | |||
00000200 fb 9e 1f 85 d9 b5 d2 3f f2 31 2c 86 70 fb b5 40 |.......?.1,.p..@| | |||
00000210 14 82 45 a4 eb af e2 64 d9 0c 8a 4c f4 f8 5b 0f |..E....d...L..[.| | |||
00000220 ac 12 ac 2f c4 a3 15 4b ad 52 46 28 68 af 96 c6 |.../...K.RF(h...| | |||
00000230 2c 65 25 d6 52 b6 e3 18 45 bd cc 16 03 03 00 04 |,e%.R...E.......| | |||
00000240 0e 00 00 00 |....| | |||
>>> Flow 3 (client to server) | |||
00000000 16 03 03 00 86 10 00 00 82 00 80 1c 6d 66 c4 c1 |............mf..| | |||
00000010 92 07 67 6c f7 54 32 70 31 53 89 8d 60 29 d8 df |..gl.T2p1S..`)..| | |||
00000020 8b b9 62 a0 3c 79 e3 67 45 e9 6d 6e f5 9b cd 18 |..b.<y.gE.mn....| | |||
00000030 13 4a 3b 14 11 2b 05 4c e3 8a 7e 03 b5 ca 3d 14 |.J;..+.L..~...=.| | |||
00000040 da 84 6f cd 31 8b 4f 43 62 cf ff 39 a9 c6 95 5d |..o.1.OCb..9...]| | |||
00000050 8a 54 b6 6f eb cf ed e7 05 33 b0 74 03 7e 49 6f |.T.o.....3.t.~Io| | |||
00000060 88 6c c4 7d 3f 63 bd 49 11 57 e8 95 9f 4e ff 6f |.l.}?c.I.W...N.o| | |||
00000070 92 20 fd fe 2b 07 22 ff 03 0a 36 0d 29 c7 21 a9 |. ..+."...6.).!.| | |||
00000080 50 28 73 f9 25 ce eb 16 90 0d d3 14 03 03 00 01 |P(s.%...........| | |||
00000090 01 16 03 03 00 40 f2 b1 15 c1 86 c7 63 b3 52 93 |.....@......c.R.| | |||
000000a0 c2 27 cc 1a 30 9a 59 1b 0c 92 11 ba bc 2b af ca |.'..0.Y......+..| | |||
000000b0 b2 44 66 0f 86 19 2c 38 08 ca ee 40 67 60 21 39 |.Df...,8...@g`!9| | |||
000000c0 03 77 f5 5b c9 2e 62 6d 1a 0c 1e 86 cf 30 a9 89 |.w.[..bm.....0..| | |||
000000d0 ba f9 d7 ff ed 2c |.....,| | |||
>>> Flow 4 (server to client) | |||
00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| | |||
00000010 00 00 00 00 00 00 00 00 00 00 00 88 5b 91 f7 4e |............[..N| | |||
00000020 07 30 30 98 88 5c de 79 e0 63 1a 91 17 3a 2f bf |.00..\.y.c...:/.| | |||
00000030 8b 6b 61 f9 56 d7 43 bf 87 42 34 f3 09 b1 5e 67 |.ka.V.C..B4...^g| | |||
00000040 a2 33 0d 15 b8 7d c5 a8 35 50 4f 17 03 03 00 40 |.3...}..5PO....@| | |||
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| | |||
00000060 50 27 94 e0 5a da 24 8f b2 d3 f3 f6 a4 1e f6 ac |P'..Z.$.........| | |||
00000070 b9 2a 48 85 41 f7 84 4c 1e f4 ca aa 90 1f f8 1b |.*H.A..L........| | |||
00000080 2f 53 01 2b 5e 48 82 ab f0 70 ad 4b 8f 5d bd 27 |/S.+^H...p.K.].'| | |||
00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| | |||
000000a0 00 00 00 00 00 5c 38 ba 1e 5a 18 9a a0 31 aa 98 |.....\8..Z...1..| | |||
000000b0 68 3e ba 01 42 ee b7 78 1a ed 56 f8 b6 49 a7 4c |h>..B..x..V..I.L| | |||
000000c0 e1 8d dd 1c 9c |.....| |