Beispiel #1
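// TestTLSServer checks that a handler behind httptest.NewTLSServer sees a
// non-nil r.TLS, i.e. that the request was received over a TLS connection.
func TestTLSServer(t *testing.T) {
	ts := httptest.NewTLSServer(HandlerFunc(func(w ResponseWriter, r *Request) {
		// Report in the body whether connection state was attached to the request.
		fmt.Fprintf(w, "tls=%v", r.TLS != nil)
	}))
	defer ts.Close()
	if !strings.HasPrefix(ts.URL, "https://") {
		t.Fatalf("expected test TLS server to start with https://, got %q", ts.URL)
	}
	// NOTE(review): this relies on the package-level Get completing a
	// handshake with the test server's certificate. If the default client
	// rejects that certificate, prefer the client returned by ts.Client()
	// (Go 1.9+), which is configured to trust the server's test certificate,
	// over switching certificate verification off.
	res, err := Get(ts.URL)
	if err != nil {
		// Without a response there is nothing left to inspect.
		t.Fatal(err)
	}
	if res == nil {
		t.Fatalf("got nil Response")
	}
	if res.Body == nil {
		t.Fatalf("got nil Response.Body")
	}
	// Release the connection once the body has been consumed.
	defer res.Body.Close()
	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		t.Error(err)
	}
	if e, g := "tls=true", string(body); e != g {
		t.Errorf("expected body %q; got %q", e, g)
	}
}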
Beispiel #2
// TestTLSServer starts a TLS test server whose handler reports, through
// response headers, whether the request carried TLS connection state and
// whether the handshake had completed, then asserts both headers are set.
func TestTLSServer(t *testing.T) {
	handler := HandlerFunc(func(w ResponseWriter, r *Request) {
		// Plain-text requests carry no TLS state; leave both headers unset.
		if r.TLS == nil {
			return
		}
		w.Header().Set("X-TLS-Set", "true")
		if r.TLS.HandshakeComplete {
			w.Header().Set("X-TLS-HandshakeComplete", "true")
		}
	})
	srv := httptest.NewTLSServer(handler)
	defer srv.Close()

	if !strings.HasPrefix(srv.URL, "https://") {
		t.Fatalf("expected test TLS server to start with https://, got %q", srv.URL)
	}

	// NOTE(review): the package-level Get must accept the test server's
	// certificate for this to pass; confirm against the Go version in use.
	resp, err := Get(srv.URL)
	switch {
	case err != nil:
		t.Fatal(err)
	case resp == nil:
		t.Fatalf("got nil Response")
	}
	defer resp.Body.Close()

	if got := resp.Header.Get("X-TLS-Set"); got != "true" {
		t.Errorf("expected X-TLS-Set response header")
	}
	if got := resp.Header.Get("X-TLS-HandshakeComplete"); got != "true" {
		t.Errorf("expected X-TLS-HandshakeComplete header")
	}
}
Beispiel #3
// TestTLSServer checks that the TLS test server still answers an HTTPS
// request, with TLS state visible to the handler, while another TCP
// connection sits idle without ever starting a handshake.
func TestTLSServer(t *testing.T) {
	handler := HandlerFunc(func(w ResponseWriter, r *Request) {
		// Requests without TLS state leave both headers unset.
		if r.TLS == nil {
			return
		}
		w.Header().Set("X-TLS-Set", "true")
		if r.TLS.HandshakeComplete {
			w.Header().Set("X-TLS-HandshakeComplete", "true")
		}
	})
	ts := httptest.NewTLSServer(handler)
	defer ts.Close()

	// Open a TCP connection that never starts a TLS handshake before the
	// real checks run. Such an idle connection used to block forever in the
	// handshake and stop the server from accepting further connections;
	// keeping it here may catch that kind of blocking creeping back into
	// newConn.
	addr := ts.Listener.Addr().String()
	idle, err := net.Dial("tcp", addr)
	if err != nil {
		t.Fatalf("Dial: %v", err)
	}
	defer idle.Close()

	goTimeout(t, 10e9, func() {
		if !strings.HasPrefix(ts.URL, "https://") {
			t.Errorf("expected test TLS server to start with https://, got %q", ts.URL)
			return
		}

		// InsecureSkipVerify turns off certificate chain and host name
		// verification, so this client accepts any certificate it is shown.
		// Here it only ever talks to the test server started above; the
		// setting should not be copied into clients that reach real hosts.
		// NOTE(review): on Go 1.9+ ts.Client() returns a client that trusts
		// the test server's certificate without disabling verification.
		client := &Client{
			Transport: &Transport{
				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
			},
		}

		resp, getErr := client.Get(ts.URL)
		if getErr != nil {
			t.Error(getErr)
			return
		}
		if resp == nil {
			t.Errorf("got nil Response")
			return
		}
		defer resp.Body.Close()

		if got := resp.Header.Get("X-TLS-Set"); got != "true" {
			t.Errorf("expected X-TLS-Set response header")
			return
		}
		if got := resp.Header.Get("X-TLS-HandshakeComplete"); got != "true" {
			t.Errorf("expected X-TLS-HandshakeComplete header")
		}
	})
}
Beispiel #4
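// TestClientInsecureTransport pins the client's certificate-verification
// behavior against the TLS test server: a request must succeed when
// InsecureSkipVerify is true and must fail when it is false.
func TestClientInsecureTransport(t *testing.T) {
	ts := httptest.NewTLSServer(HandlerFunc(func(w ResponseWriter, r *Request) {
		w.Write([]byte("Hello"))
	}))
	defer ts.Close()

	// TODO(bradfitz): add tests for skipping hostname checks too?
	// would require a new cert for testing, and probably
	// redundant with these tests.
	for _, insecure := range []bool{true, false} {
		// InsecureSkipVerify disables certificate chain and host name
		// verification. The false case is the one that matters for safety:
		// it asserts that an untrusted certificate is rejected by default.
		tr := &Transport{
			TLSClientConfig: &tls.Config{
				InsecureSkipVerify: insecure,
			},
		}
		c := &Client{Transport: tr}
		res, err := c.Get(ts.URL)
		if (err == nil) != insecure {
			t.Errorf("insecure=%v: got unexpected err=%v", insecure, err)
		}
		// Close inside the loop rather than with defer, so a successful
		// response does not keep its connection open until the test returns.
		if res != nil {
			res.Body.Close()
		}
	}
}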