var pemOut bytes.Buffer
pem.Encode(&pemOut, &pem.Block{Type: pemType + " PRIVATE KEY", Bytes: derBytes})
- keyPath := tempFile(string(pemOut.Bytes()))
+ keyPath := tempFile(pemOut.String())
defer os.Remove(keyPath)
var command []string
}
clientConn = recordingConn
} else {
- clientConn, serverConn = net.Pipe()
+ clientConn, serverConn = localPipe(t)
}
config := test.config
}
testResumeState := func(test string, didResume bool) {
- _, hs, err := testHandshake(clientConfig, serverConfig)
+ _, hs, err := testHandshake(t, clientConfig, serverConfig)
if err != nil {
t.Fatalf("%s: handshake failed: %s", test, err)
}
serverConfig := testConfig.Clone()
serverConfig.KeyLogWriter = &serverBuf
- c, s := net.Pipe()
+ c, s := localPipe(t)
done := make(chan bool)
go func() {
}
}
- checkKeylogLine("client", string(clientBuf.Bytes()))
- checkKeylogLine("server", string(serverBuf.Bytes()))
+ checkKeylogLine("client", clientBuf.String())
+ checkKeylogLine("server", serverBuf.String())
}
func TestHandshakeClientALPNMatch(t *testing.T) {
func TestHostnameInSNI(t *testing.T) {
for _, tt := range hostnameInSNITests {
- c, s := net.Pipe()
+ c, s := localPipe(t)
go func(host string) {
Client(c, &Config{ServerName: host, InsecureSkipVerify: true}).Handshake()
// This checks that the server can't select a cipher suite that the
// client didn't offer. See #13174.
- c, s := net.Pipe()
+ c, s := localPipe(t)
errChan := make(chan error, 1)
go func() {
}
for i, test := range tests {
- c, s := net.Pipe()
+ c, s := localPipe(t)
done := make(chan error)
var clientCalled, serverCalled bool
func TestFailedWrite(t *testing.T) {
// Test that a write error during the handshake is returned.
for _, breakAfter := range []int{0, 1} {
- c, s := net.Pipe()
+ c, s := localPipe(t)
done := make(chan bool)
go func() {
}
func TestBuffering(t *testing.T) {
- c, s := net.Pipe()
+ c, s := localPipe(t)
done := make(chan bool)
clientWCC := &writeCountingConn{Conn: c}
}
func TestAlertFlushing(t *testing.T) {
- c, s := net.Pipe()
+ c, s := localPipe(t)
done := make(chan bool)
clientWCC := &writeCountingConn{Conn: c}
// order to provide some evidence that there are no races or deadlocks
// in the handshake locking.
for i := 0; i < 32; i++ {
- c, s := net.Pipe()
+ c, s := localPipe(t)
go func() {
server := Server(s, testConfig)
go func() {
<-startRead
var reply [1]byte
- if n, err := client.Read(reply[:]); err != nil || n != 1 {
+ if _, err := io.ReadFull(client, reply[:]); err != nil {
panic(err)
}
c.Close()
err error
}
- c, s := net.Pipe()
+ c, s := localPipe(t)
done := make(chan serverResult)
go func() {
}
func TestCloseClientConnectionOnIdleServer(t *testing.T) {
- clientConn, serverConn := net.Pipe()
+ clientConn, serverConn := localPipe(t)
client := Client(clientConn, testConfig.Clone())
go func() {
var b [1]byte
client.SetWriteDeadline(time.Now().Add(time.Second))
err := client.Handshake()
if err != nil {
- if !strings.Contains(err.Error(), "read/write on closed pipe") {
- t.Errorf("Error expected containing 'read/write on closed pipe' but got '%s'", err.Error())
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ t.Errorf("Expected a closed network connection error but got '%s'", err.Error())
}
} else {
t.Errorf("Error expected, but no error returned")
}
func testClientHelloFailure(t *testing.T, serverConfig *Config, m handshakeMessage, expectedSubStr string) {
- // Create in-memory network connection,
- // send message to server. Should return
- // expected error.
- c, s := net.Pipe()
+ c, s := localPipe(t)
go func() {
cli := Client(c, testConfig)
if ch, ok := m.(*clientHelloMsg); ok {
cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
}
- var buf []byte
- c, s := net.Pipe()
+ bufChan := make(chan []byte)
+ c, s := localPipe(t)
go func() {
cli := Client(c, testConfig)
cli.vers = clientHello.vers
cli.writeRecord(recordTypeHandshake, clientHello.marshal())
- buf = make([]byte, 1024)
+ buf := make([]byte, 1024)
n, err := c.Read(buf)
if err != nil {
t.Errorf("Server read returned error: %s", err)
return
}
- buf = buf[:n]
c.Close()
+ bufChan <- buf[:n]
}()
Server(s, testConfig).Handshake()
+ buf := <-bufChan
if len(buf) < 5+4 {
t.Fatalf("Server returned short message of length %d", len(buf))
supportedPoints: []uint8{pointFormatUncompressed},
}
- c, s := net.Pipe()
- var reply interface{}
- var clientErr error
+ c, s := localPipe(t)
+ replyChan := make(chan interface{})
go func() {
cli := Client(c, testConfig)
cli.vers = clientHello.vers
cli.writeRecord(recordTypeHandshake, clientHello.marshal())
- reply, clientErr = cli.readHandshake()
+ reply, err := cli.readHandshake()
c.Close()
+ if err != nil {
+ replyChan <- err
+ } else {
+ replyChan <- reply
+ }
}()
config := testConfig.Clone()
config.CipherSuites = clientHello.cipherSuites
Server(s, config).Handshake()
s.Close()
- if clientErr != nil {
- t.Fatal(clientErr)
+ reply := <-replyChan
+ if err, ok := reply.(error); ok {
+ t.Fatal(err)
}
serverHello, ok := reply.(*serverHelloMsg)
if !ok {
}
func TestAlertForwarding(t *testing.T) {
- c, s := net.Pipe()
+ c, s := localPipe(t)
go func() {
Client(c, testConfig).sendAlert(alertUnknownCA)
c.Close()
}
func TestClose(t *testing.T) {
- c, s := net.Pipe()
+ c, s := localPipe(t)
go c.Close()
err := Server(s, testConfig).Handshake()
}
}
-func testHandshake(clientConfig, serverConfig *Config) (serverState, clientState ConnectionState, err error) {
- c, s := net.Pipe()
+func testHandshake(t *testing.T, clientConfig, serverConfig *Config) (serverState, clientState ConnectionState, err error) {
+ c, s := localPipe(t)
done := make(chan bool)
go func() {
cli := Client(c, clientConfig)
clientConfig := &Config{
InsecureSkipVerify: true,
}
- state, _, err := testHandshake(clientConfig, serverConfig)
+ state, _, err := testHandshake(t, clientConfig, serverConfig)
if err != nil {
t.Fatalf("handshake failed: %s", err)
}
CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA},
InsecureSkipVerify: true,
}
- state, _, err := testHandshake(clientConfig, serverConfig)
+ state, _, err := testHandshake(t, clientConfig, serverConfig)
if err != nil {
t.Fatalf("handshake failed: %s", err)
}
}
serverConfig.PreferServerCipherSuites = true
- state, _, err = testHandshake(clientConfig, serverConfig)
+ state, _, err = testHandshake(t, clientConfig, serverConfig)
if err != nil {
t.Fatalf("handshake failed: %s", err)
}
clientConfig := &Config{
InsecureSkipVerify: true,
}
- _, state, err := testHandshake(clientConfig, serverConfig)
+ _, state, err := testHandshake(t, clientConfig, serverConfig)
if err != nil {
t.Fatalf("handshake failed: %s", err)
}
// Establish a session at TLS 1.1.
clientConfig.MaxVersion = VersionTLS11
- _, _, err := testHandshake(clientConfig, serverConfig)
+ _, _, err := testHandshake(t, clientConfig, serverConfig)
if err != nil {
t.Fatalf("handshake failed: %s", err)
}
// The client session cache now contains a TLS 1.1 session.
- state, _, err := testHandshake(clientConfig, serverConfig)
+ state, _, err := testHandshake(t, clientConfig, serverConfig)
if err != nil {
t.Fatalf("handshake failed: %s", err)
}
// Test that the server will decline to resume at a lower version.
clientConfig.MaxVersion = VersionTLS10
- state, _, err = testHandshake(clientConfig, serverConfig)
+ state, _, err = testHandshake(t, clientConfig, serverConfig)
if err != nil {
t.Fatalf("handshake failed: %s", err)
}
}
// The client session cache now contains a TLS 1.0 session.
- state, _, err = testHandshake(clientConfig, serverConfig)
+ state, _, err = testHandshake(t, clientConfig, serverConfig)
if err != nil {
t.Fatalf("handshake failed: %s", err)
}
// Test that the server will decline to resume at a higher version.
clientConfig.MaxVersion = VersionTLS11
- state, _, err = testHandshake(clientConfig, serverConfig)
+ state, _, err = testHandshake(t, clientConfig, serverConfig)
if err != nil {
t.Fatalf("handshake failed: %s", err)
}
}
serverConn = recordingConn
} else {
- clientConn, serverConn = net.Pipe()
+ clientConn, serverConn = localPipe(t)
}
config := test.config
if config == nil {
nameToCert := config.NameToCertificate
config.NameToCertificate = nil
config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) {
- cert, _ := nameToCert[clientHello.ServerName]
+ cert := nameToCert[clientHello.ServerName]
return cert, nil
}
test := &serverTest{
config.Certificates[0].PrivateKey = key
config.BuildNameToCertificate()
- clientConn, serverConn := net.Pipe()
+ clientConn, serverConn := localPipe(b)
serverConn = &recordingConn{Conn: serverConn}
go func() {
client := Client(clientConn, testConfig)
flows := serverConn.(*recordingConn).flows
feeder := make(chan struct{})
- clientConn, serverConn = net.Pipe()
+ clientConn, serverConn = localPipe(b)
go func() {
for range feeder {
ff := make([]byte, len(f))
n, err := io.ReadFull(clientConn, ff)
if err != nil {
- b.Fatalf("#%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", i+1, err, n, len(ff), ff[:n], f)
+ b.Errorf("#%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", i+1, err, n, len(ff), ff[:n], f)
}
if !bytes.Equal(f, ff) {
- b.Fatalf("#%d: mismatch on read: got:%x want:%x", i+1, ff, f)
+ b.Errorf("#%d: mismatch on read: got:%x want:%x", i+1, ff, f)
}
}
}
// Erase the server's cipher suites to ensure the handshake fails.
serverConfig.CipherSuites = nil
- c, s := net.Pipe()
+ c, s := localPipe(t)
go func() {
cli := Client(c, testConfig)
cli.vers = clientHello.vers
configReturned = config
return config, err
}
- c, s := net.Pipe()
+ c, s := localPipe(t)
done := make(chan error)
go func() {
var testP256PrivateKey, _ = x509.ParseECPrivateKey(fromHex("30770201010420012f3b52bc54c36ba3577ad45034e2e8efe1e6999851284cb848725cfe029991a00a06082a8648ce3d030107a14403420004c02c61c9b16283bbcc14956d886d79b358aa614596975f78cece787146abf74c2d5dc578c0992b4f3c631373479ebf3892efe53d21c4f4f1cc9a11c3536b7f75"))
func TestCloseServerConnectionOnIdleClient(t *testing.T) {
- clientConn, serverConn := net.Pipe()
+ clientConn, serverConn := localPipe(t)
server := Server(serverConn, testConfig.Clone())
go func() {
clientConn.Write([]byte{'0'})
server.SetReadDeadline(time.Now().Add(time.Second))
err := server.Handshake()
if err != nil {
- if !strings.Contains(err.Error(), "read/write on closed pipe") {
- t.Errorf("Error expected containing 'read/write on closed pipe' but got '%s'", err.Error())
+ if err, ok := err.(net.Error); ok && err.Timeout() {
+ t.Errorf("Expected a closed network connection error but got '%s'", err.Error())
}
} else {
t.Errorf("Error expected, but no error returned")