From 8b98cac45e14f2f6190558b8b0a90d5451e10d4c Mon Sep 17 00:00:00 2001
From: Jovis
Date: Wed, 20 Nov 2024 16:46:39 +1100
Subject: [PATCH] Re-enable reflect-to-site for unit test
---
 tlslistener/clienthelloconn_test.go | 78 ++++++++++++++---------------
 1 file changed, 37 insertions(+), 41 deletions(-)
diff --git a/tlslistener/clienthelloconn_test.go b/tlslistener/clienthelloconn_test.go
index e5d68eaa..857c3879 100644
--- a/tlslistener/clienthelloconn_test.go
+++ b/tlslistener/clienthelloconn_test.go
@@ -61,47 +61,43 @@ func TestAbortOnHello(t *testing.T) {
 cfg := &tls.Config{ServerName: "microsoft.com", InsecureSkipVerify: true}
 conn, err := tls.Dial("tcp", l.Addr().String(), cfg)
- // For now, we expect this to work always, even when we're missing a session ticket
- // See https://github.com/getlantern/engineering/issues/292#issuecomment-1765268377
+ if tc.expectedErr != "" {
+ require.Error(t, err)
+ require.Equal(t, tc.expectedErr, err.Error())
+ } else {
+ require.NoError(t, err)
+ defer conn.Close()
+ require.Equal(t, "microsoft.com", conn.ConnectionState().PeerCertificates[0].Subject.CommonName)
+ req, _ := http.NewRequest("GET", "https://microsoft.com", nil)
+ require.NoError(t, req.Write(conn))
+ resp, err := http.ReadResponse(bufio.NewReader(conn), req)
+ require.NoError(t, err)
+ require.Equal(t, http.StatusMovedPermanently, resp.StatusCode)
+ }
+
+ // Now make sure we can't spoof a session ticket.
+ rawConn, err := net.Dial("tcp", l.Addr().String())
 require.NoError(t, err)
- conn.Close()
- // if tc.expectedErr != "" {
- // require.Error(t, err)
- // require.Equal(t, tc.expectedErr, err.Error())
- // } else {
- // require.NoError(t, err)
- // defer conn.Close()
- // require.Equal(t, "microsoft.com", conn.ConnectionState().PeerCertificates[0].Subject.CommonName)
- // req, _ := http.NewRequest("GET", "https://microsoft.com", nil)
- // require.NoError(t, req.Write(conn))
- // resp, err := http.ReadResponse(bufio.NewReader(conn), req)
- // require.NoError(t, err)
- // require.Equal(t, http.StatusMovedPermanently, resp.StatusCode)
- // }
-
- // // Now make sure we can't spoof a session ticket.
- // rawConn, err := net.Dial("tcp", l.Addr().String())
- // require.NoError(t, err)
- // ucfg := &utls.Config{ServerName: "microsoft.com"}
- // maintainSessionTicketKeyFile("../test/testtickets", "",
- // func(keys [][32]byte) { ucfg.SetSessionTicketKeys(keys) })
- // ss := &utls.ClientSessionState{}
- // ticket := make([]byte, 120)
- // rand.Read(ticket)
- // ss.SetSessionTicket(ticket)
- // ss.SetVers(tls.VersionTLS12)
-
- // uconn := utls.UClient(rawConn, ucfg, utls.HelloChrome_Auto)
- // uconn.SetSessionState(ss)
- // err = uconn.Handshake()
- // if tc.expectedErr != "" {
- // require.Error(t, err)
- // require.Equal(t, tc.expectedErr, err.Error(), tc.response.action)
- // } else {
- // require.NoError(t, err)
- // defer conn.Close()
- // require.Equal(t, "microsoft.com", uconn.ConnectionState().PeerCertificates[0].Subject.CommonName)
- // }
+ ucfg := &utls.Config{ServerName: "microsoft.com"}
+ maintainSessionTicketKeyFile("../test/testtickets", "",
+ func(keys [][32]byte) { ucfg.SetSessionTicketKeys(keys) })
+ ss := &utls.ClientSessionState{}
+ ticket := make([]byte, 120)
+ rand.Read(ticket)
+ ss.SetSessionTicket(ticket)
+ ss.SetVers(tls.VersionTLS12)
+
+ uconn := utls.UClient(rawConn, ucfg, utls.HelloChrome_Auto)
+ uconn.SetSessionState(ss)
+ err = uconn.Handshake()
+ if tc.expectedErr != "" {
+ require.Error(t, err)
+ require.Equal(t, tc.expectedErr, err.Error(), tc.response.action)
+ } else {
+ require.NoError(t, err)
+ defer conn.Close()
+ require.Equal(t, "microsoft.com", uconn.ConnectionState().PeerCertificates[0].Subject.CommonName)
+ }
 })
 }
 }
@@ -144,7 +140,7 @@ func TestSuccess(t *testing.T) {
 // Dial once to obtain a valid session ticket (this is works because we're dialing localhost)
 ucfg := &utls.Config{
 InsecureSkipVerify: true,
- // ClientSessionCache: utls.NewLRUClientSessionCache(10),
+ ClientSessionCache: utls.NewLRUClientSessionCache(10),
 }
 conn, err := utls.Dial("tcp", l.Addr().String(), ucfg)
 require.NoError(t, err)
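Review bot: In the spoofed-ticket branch the re-enabled `defer conn.Close()` closes the `tls.Dial` connection a second time (it is already deferred in the first success branch) while `uconn` and the underlying `rawConn` are never closed; that line should read `defer uconn.Close()`. The success branch also never asserts that the forged ticket was actually refused: it only checks the peer certificate's CN, so a server that resumed on the random 120-byte ticket would still pass, and `require.False(t, uconn.ConnectionState().DidResume)` after the CN check would pin the property the comment "make sure we can't spoof a session ticket" claims, assuming uTLS exposes `DidResume` as crypto/tls does. `rand.Read(ticket)` discards its return value; whichever `rand` package this file imports, a short `// random bytes are enough here: any ticket not encrypted under the server key must be rejected` comment or an error check would make the intent explicit. The `resp` returned by `http.ReadResponse` is likewise never closed. The enclosing `t.Run` closure and `TestAbortOnHello` begin before this hunk.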