// tlsConnectionStateString renders the endpoints and the TLS parameters
// reported by conn.ConnectionState() as a multi-line, human-readable block
// suitable for a log entry. Version and CipherSuite are printed as their raw
// numeric identifiers, not as names.
func tlsConnectionStateString(conn *tls.Conn) string {
	// Horizontal rule that frames the report at the top and the bottom.
	const rule = "\n------------------------------------------------------------"

	cs := conn.ConnectionState()
	return fmt.Sprintf(
		"Connection state:%s"+
			"\n Local Address: %v"+
			"\n Remote Address: %v"+
			"\n TLS version: %v"+
			"\n Handshake Complete: %v"+
			"\n Did Resume: %v"+
			"\n Cipher Suite: %v%s",
		rule,
		conn.LocalAddr(),
		conn.RemoteAddr(),
		cs.Version,
		cs.HandshakeComplete,
		cs.DidResume,
		cs.CipherSuite,
		rule,
	)
}
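// testRoundTrip dials the proxy under test (plain TCP, or TLS when proxy.Tls
// is set) and hands the open connection to checkerFn together with the proxy
// and the parsed origin URL. The connection is closed once checkerFn returns.
//
// On the TLS path certificate-chain verification is switched off
// (InsecureSkipVerify) and the peer is instead authenticated by comparing its
// leaf certificate with serverCertificate after tls.Dial has completed the
// handshake. That comparison is the only server authentication on this path,
// so it must stay ahead of any use of the connection; this dial configuration
// is only appropriate for a test that pins a known certificate.
func testRoundTrip(t *testing.T, proxy *server.Server, origin *originHandler, checkerFn func(conn net.Conn, proxy *server.Server, originURL *url.URL)) {
	// Parse the origin URL first and fail on error, so checkerFn is never
	// handed a nil *url.URL. The local is not called "url" to avoid shadowing
	// the net/url package.
	originURL, err := url.Parse(origin.server.URL)
	if !assert.NoError(t, err, "should parse origin URL") {
		t.FailNow()
	}

	addr := proxy.Addr.String()

	var conn net.Conn
	if !proxy.Tls {
		conn, err = net.Dial("tcp", addr)
		// Check the dial error before touching conn: on failure conn is nil
		// and calling LocalAddr on it would panic instead of failing the test.
		if !assert.NoError(t, err, "should dial proxy server") {
			t.FailNow()
		}
		log.Debugf("%s -> %s (via HTTP) -> %s", conn.LocalAddr().String(), addr, origin.server.URL)
	} else {
		x509cert := serverCertificate.X509()
		tlsConn, err := tls.Dial("tcp", addr, &tls.Config{
			CipherSuites: preferredCipherSuites,
			// Chain verification is disabled here; the leaf certificate is
			// pinned against x509cert immediately below.
			InsecureSkipVerify: true,
		})
		// Same ordering as the plain path: tlsConn is nil when the dial fails.
		if !assert.NoError(t, err, "should dial proxy server") {
			t.FailNow()
		}
		log.Debugf("%s -> %s (via HTTPS) -> %s", tlsConn.LocalAddr().String(), addr, origin.server.URL)

		// Pin the leaf certificate. The length guard turns a missing peer
		// certificate into a test failure rather than an index panic.
		peerCerts := tlsConn.ConnectionState().PeerCertificates
		if len(peerCerts) == 0 || !peerCerts[0].Equal(x509cert) {
			if err := tlsConn.Close(); err != nil {
				log.Errorf("Error closing chained server connection: %s", err)
			}
			t.Fatal("Server's certificate didn't match expected")
		}
		conn = tlsConn
	}

	defer func() {
		assert.NoError(t, conn.Close(), "should close connection")
	}()

	checkerFn(conn, proxy, originURL)
}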