MaxVersion: version,
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Certificates: testCertificates,
+ Time: testTime,
}
issuer, err := x509.ParseCertificate(testRSA2048CertificateIssuer)
ClientSessionCache: NewLRUClientSessionCache(32),
RootCAs: rootCAs,
ServerName: "example.golang",
+ Time: testTime,
}
testResumeState := func(test string, didResume bool) {
// An old session ticket is replaced with a ticket encrypted with a fresh key.
ticket = getTicket()
- serverConfig.Time = func() time.Time { return time.Now().Add(24*time.Hour + time.Minute) }
+ serverConfig.Time = func() time.Time { return testTime().Add(24*time.Hour + time.Minute) }
testResumeState("ResumeWithOldTicket", true)
if bytes.Equal(ticket, getTicket()) {
t.Fatal("old first ticket matches the fresh one")
// Once the session master secret is expired, a full handshake should occur.
ticket = getTicket()
- serverConfig.Time = func() time.Time { return time.Now().Add(24*8*time.Hour + time.Minute) }
+ serverConfig.Time = func() time.Time { return testTime().Add(24*8*time.Hour + time.Minute) }
testResumeState("ResumeWithExpiredTicket", false)
if bytes.Equal(ticket, getTicket()) {
t.Fatal("expired first ticket matches the fresh one")
}
- serverConfig.Time = func() time.Time { return time.Now() } // reset the time back
+ serverConfig.Time = testTime // reset the time back
key1 := randomKey()
serverConfig.SetSessionTicketKeys([][32]byte{key1})
testResumeState("KeyChangeFinish", true)
// Age the session ticket a bit, but not yet expired.
- serverConfig.Time = func() time.Time { return time.Now().Add(24*time.Hour + time.Minute) }
+ serverConfig.Time = func() time.Time { return testTime().Add(24*time.Hour + time.Minute) }
testResumeState("OldSessionTicket", true)
ticket = getTicket()
// Expire the session ticket, which would force a full handshake.
- serverConfig.Time = func() time.Time { return time.Now().Add(24*8*time.Hour + time.Minute) }
+ serverConfig.Time = func() time.Time { return testTime().Add(24*8*time.Hour + 2*time.Minute) }
testResumeState("ExpiredSessionTicket", false)
if bytes.Equal(ticket, getTicket()) {
t.Fatal("new ticket wasn't provided after old ticket expired")
// Age the session ticket a bit at a time, but don't expire it.
d := 0 * time.Hour
- serverConfig.Time = func() time.Time { return time.Now().Add(d) }
+ serverConfig.Time = func() time.Time { return testTime().Add(d) }
deleteTicket()
testResumeState("GetFreshSessionTicket", false)
for i := 0; i < 13; i++ {
// handshake occurs for TLS 1.2. Resumption should still occur for
// TLS 1.3 since the client should be using a fresh ticket sent over
// by the server.
- d += 12 * time.Hour
+ d += 12*time.Hour + time.Minute
if version == VersionTLS13 {
testResumeState("ExpiredSessionTicket", true)
} else {
MaxVersion: version,
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Certificates: testCertificates,
+ Time: testTime,
}
serverConfig.SetSessionTicketKeys([][32]byte{key2})
CurvePreferences: []CurveID{CurveP521, CurveP384, CurveP256},
MaxVersion: version,
Certificates: testCertificates,
+ Time: testTime,
}
testResumeState("InitialHandshake", false)
testResumeState("WithHelloRetryRequest", true)
MaxVersion: version,
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
Certificates: testCertificates,
+ Time: testTime,
}
}
serverConfig := &Config{
MaxVersion: version,
Certificates: testCertificates,
+ Time: testTime,
ClientCAs: rootCAs,
NextProtos: []string{"protocol1"},
}
RootCAs: rootCAs,
ServerName: "example.golang",
Certificates: testCertificates,
+ Time: testTime,
NextProtos: []string{"protocol1"},
}
test.configureClient(clientConfig, &clientCalled)
rootCAs := x509.NewCertPool()
rootCAs.AddCert(issuer)
- now := func() time.Time { return time.Unix(1476984729, 0) }
-
sentinelErr := errors.New("TestVerifyPeerCertificate")
verifyPeerCertificateCallback := func(called *bool, rawCerts [][]byte, validatedChains [][]*x509.Certificate) error {
config.ServerName = "example.golang"
config.ClientAuth = RequireAndVerifyClientCert
config.ClientCAs = rootCAs
- config.Time = now
+ config.Time = testTime
config.MaxVersion = version
config.Certificates = make([]Certificate, 1)
config.Certificates[0].Certificate = [][]byte{testRSA2048Certificate}
config.Certificates = []Certificate{{Certificate: [][]byte{testRSA2048Certificate}, PrivateKey: testRSA2048PrivateKey}}
config.ServerName = "example.golang"
config.RootCAs = rootCAs
- config.Time = now
+ config.Time = testTime
config.MaxVersion = version
test.configureClient(config, &clientCalled)
clientErr := Client(c, config).Handshake()
serverConfig.RootCAs = x509.NewCertPool()
serverConfig.RootCAs.AddCert(issuer)
serverConfig.ClientCAs = serverConfig.RootCAs
- serverConfig.Time = func() time.Time { return time.Unix(1476984729, 0) }
+ serverConfig.Time = testTime
serverConfig.MaxVersion = version
clientConfig := testConfig.Clone()
ClientSessionCache: NewLRUClientSessionCache(32),
ServerName: "example.golang",
RootCAs: roots,
+ Time: testTime,
}
serverConfig := testConfig.Clone()
serverConfig.Certificates = []Certificate{{Certificate: [][]byte{testRSA2048Certificate}, PrivateKey: testRSA2048PrivateKey}}