1 // Copyright 2012 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
26 var savedSupportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithmsTLS12
29 // TLS 1.3 is opt-in for Go 1.12, and RSA-PSS is disabled in TLS 1.2, but we
30 // want to run most tests with both enabled. TestTLS13Switch below and the
31 // "PSS-Disabled" recordings test the disabled behavior. See Issue 30055.
32 tls13Support.Do(func() {}) // defuse the sync.Once
33 tls13Support.cached = true
34 supportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithms
37 var rsaCertPEM = `-----BEGIN CERTIFICATE-----
38 MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
39 BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
40 aWRnaXRzIFB0eSBMdGQwHhcNMTIwOTEyMjE1MjAyWhcNMTUwOTEyMjE1MjAyWjBF
41 MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
42 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLJ
43 hPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wok/4xIA+ui35/MmNa
44 rtNuC+BdZ1tMuVCPFZcCAwEAAaNQME4wHQYDVR0OBBYEFJvKs8RfJaXTH08W+SGv
45 zQyKn0H8MB8GA1UdIwQYMBaAFJvKs8RfJaXTH08W+SGvzQyKn0H8MAwGA1UdEwQF
46 MAMBAf8wDQYJKoZIhvcNAQEFBQADQQBJlffJHybjDGxRMqaRmDhX0+6v02TUKZsW
47 r5QuVbpQhH6u+0UgcW0jp9QwpxoPTLTWGXEWBBBurxFwiCBhkQ+V
48 -----END CERTIFICATE-----
51 var rsaKeyPEM = `-----BEGIN RSA PRIVATE KEY-----
52 MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo
53 k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G
54 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N
55 MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW
56 SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T
57 xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi
58 D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==
59 -----END RSA PRIVATE KEY-----
62 // keyPEM is the same as rsaKeyPEM, but declares itself as just
63 // "PRIVATE KEY", not "RSA PRIVATE KEY". https://golang.org/issue/4477
64 var keyPEM = `-----BEGIN PRIVATE KEY-----
65 MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo
66 k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G
67 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N
68 MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW
69 SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T
70 xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi
71 D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==
72 -----END PRIVATE KEY-----
75 var ecdsaCertPEM = `-----BEGIN CERTIFICATE-----
76 MIIB/jCCAWICCQDscdUxw16XFDAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
77 EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0
78 eSBMdGQwHhcNMTIxMTE0MTI0MDQ4WhcNMTUxMTE0MTI0MDQ4WjBFMQswCQYDVQQG
79 EwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lk
80 Z2l0cyBQdHkgTHRkMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBY9+my9OoeSUR
81 lDQdV/x8LsOuLilthhiS1Tz4aGDHIPwC1mlvnf7fg5lecYpMCrLLhauAc1UJXcgl
82 01xoLuzgtAEAgv2P/jgytzRSpUYvgLBt1UA0leLYBy6mQQbrNEuqT3INapKIcUv8
83 XxYP0xMEUksLPq6Ca+CRSqTtrd/23uTnapkwCQYHKoZIzj0EAQOBigAwgYYCQXJo
84 A7Sl2nLVf+4Iu/tAX/IF4MavARKC4PPHK3zfuGfPR3oCCcsAoz3kAzOeijvd0iXb
85 H5jBImIxPL4WxQNiBTexAkF8D1EtpYuWdlVQ80/h/f4pBcGiXPqX5h2PQSQY7hP1
86 +jwM1FGS4fREIOvlBYr/SzzQRtwrvrzGYxDEDbsC0ZGRnA==
87 -----END CERTIFICATE-----
90 var ecdsaKeyPEM = `-----BEGIN EC PARAMETERS-----
92 -----END EC PARAMETERS-----
93 -----BEGIN EC PRIVATE KEY-----
94 MIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDVSGWdirrkgCWxrprGlzB9o0X8fV675X0
95 NwuBenXFfeZvVcwluO7/Q9wkYoPd/t3jGImgBwYFK4EEACOhgYkDgYYABAFj36bL
96 06h5JRGUNB1X/Hwuw64uKW2GGJLVPPhoYMcg/ALWaW+d/t+DmV5xikwKssuFq4Bz
97 VQldyCXTXGgu7OC0AQCC/Y/+ODK3NFKlRi+AsG3VQDSV4tgHLqZBBus0S6pPcg1q
98 kohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ==
99 -----END EC PRIVATE KEY-----
102 var keyPairTests = []struct {
107 {"ECDSA", ecdsaCertPEM, ecdsaKeyPEM},
108 {"RSA", rsaCertPEM, rsaKeyPEM},
109 {"RSA-untyped", rsaCertPEM, keyPEM}, // golang.org/issue/4477
112 func TestX509KeyPair(t *testing.T) {
115 for _, test := range keyPairTests {
116 pem = []byte(test.cert + test.key)
117 if _, err := X509KeyPair(pem, pem); err != nil {
118 t.Errorf("Failed to load %s cert followed by %s key: %s", test.algo, test.algo, err)
120 pem = []byte(test.key + test.cert)
121 if _, err := X509KeyPair(pem, pem); err != nil {
122 t.Errorf("Failed to load %s key followed by %s cert: %s", test.algo, test.algo, err)
127 func TestX509KeyPairErrors(t *testing.T) {
128 _, err := X509KeyPair([]byte(rsaKeyPEM), []byte(rsaCertPEM))
130 t.Fatalf("X509KeyPair didn't return an error when arguments were switched")
132 if subStr := "been switched"; !strings.Contains(err.Error(), subStr) {
133 t.Fatalf("Expected %q in the error when switching arguments to X509KeyPair, but the error was %q", subStr, err)
136 _, err = X509KeyPair([]byte(rsaCertPEM), []byte(rsaCertPEM))
138 t.Fatalf("X509KeyPair didn't return an error when both arguments were certificates")
140 if subStr := "certificate"; !strings.Contains(err.Error(), subStr) {
141 t.Fatalf("Expected %q in the error when both arguments to X509KeyPair were certificates, but the error was %q", subStr, err)
144 const nonsensePEM = `
145 -----BEGIN NONSENSE-----
147 -----END NONSENSE-----
150 _, err = X509KeyPair([]byte(nonsensePEM), []byte(nonsensePEM))
152 t.Fatalf("X509KeyPair didn't return an error when both arguments were nonsense")
154 if subStr := "NONSENSE"; !strings.Contains(err.Error(), subStr) {
155 t.Fatalf("Expected %q in the error when both arguments to X509KeyPair were nonsense, but the error was %q", subStr, err)
159 func TestX509MixedKeyPair(t *testing.T) {
160 if _, err := X509KeyPair([]byte(rsaCertPEM), []byte(ecdsaKeyPEM)); err == nil {
161 t.Error("Load of RSA certificate succeeded with ECDSA private key")
163 if _, err := X509KeyPair([]byte(ecdsaCertPEM), []byte(rsaKeyPEM)); err == nil {
164 t.Error("Load of ECDSA certificate succeeded with RSA private key")
168 func newLocalListener(t testing.TB) net.Listener {
169 ln, err := net.Listen("tcp", "127.0.0.1:0")
171 ln, err = net.Listen("tcp6", "[::1]:0")
179 func TestDialTimeout(t *testing.T) {
181 t.Skip("skipping in short mode")
183 listener := newLocalListener(t)
185 addr := listener.Addr().String()
186 defer listener.Close()
188 complete := make(chan bool)
189 defer close(complete)
192 conn, err := listener.Accept()
201 dialer := &net.Dialer{
202 Timeout: 10 * time.Millisecond,
206 if _, err = DialWithDialer(dialer, "tcp", addr, nil); err == nil {
207 t.Fatal("DialWithTimeout completed successfully")
210 if !isTimeoutError(err) {
211 t.Errorf("resulting error not a timeout: %v\nType %T: %#v", err, err, err)
215 func isTimeoutError(err error) bool {
216 if ne, ok := err.(net.Error); ok {
222 // tests that Conn.Read returns (non-zero, io.EOF) instead of
223 // (non-zero, nil) when a Close (alertCloseNotify) is sitting right
224 // behind the application data in the buffer.
225 func TestConnReadNonzeroAndEOF(t *testing.T) {
226 // This test is racy: it assumes that after a write to a
227 // localhost TCP connection, the peer TCP connection can
228 // immediately read it. Because it's racy, we skip this test
229 // in short mode, and then retry it several times with an
230 // increasing sleep in between our final write (via srv.Close
231 // below) and the following read.
233 t.Skip("skipping in short mode")
236 for delay := time.Millisecond; delay <= 64*time.Millisecond; delay *= 2 {
237 if err = testConnReadNonzeroAndEOF(t, delay); err == nil {
244 func testConnReadNonzeroAndEOF(t *testing.T, delay time.Duration) error {
245 ln := newLocalListener(t)
248 srvCh := make(chan *Conn, 1)
251 sconn, err := ln.Accept()
257 serverConfig := testConfig.Clone()
258 srv := Server(sconn, serverConfig)
259 if err := srv.Handshake(); err != nil {
260 serr = fmt.Errorf("handshake: %v", err)
267 clientConfig := testConfig.Clone()
268 // In TLS 1.3, alerts are encrypted and disguised as application data, so
269 // the opportunistic peek won't work.
270 clientConfig.MaxVersion = VersionTLS12
271 conn, err := Dial("tcp", ln.Addr().String(), clientConfig)
282 buf := make([]byte, 6)
284 srv.Write([]byte("foobar"))
285 n, err := conn.Read(buf)
286 if n != 6 || err != nil || string(buf) != "foobar" {
287 return fmt.Errorf("Read = %d, %v, data %q; want 6, nil, foobar", n, err, buf)
290 srv.Write([]byte("abcdef"))
293 n, err = conn.Read(buf)
294 if n != 6 || string(buf) != "abcdef" {
295 return fmt.Errorf("Read = %d, buf= %q; want 6, abcdef", n, buf)
298 return fmt.Errorf("Second Read error = %v; want io.EOF", err)
303 func TestTLSUniqueMatches(t *testing.T) {
304 ln := newLocalListener(t)
307 serverTLSUniques := make(chan []byte)
309 for i := 0; i < 2; i++ {
310 sconn, err := ln.Accept()
315 serverConfig := testConfig.Clone()
316 serverConfig.MaxVersion = VersionTLS12 // TLSUnique is not defined in TLS 1.3
317 srv := Server(sconn, serverConfig)
318 if err := srv.Handshake(); err != nil {
322 serverTLSUniques <- srv.ConnectionState().TLSUnique
326 clientConfig := testConfig.Clone()
327 clientConfig.ClientSessionCache = NewLRUClientSessionCache(1)
328 conn, err := Dial("tcp", ln.Addr().String(), clientConfig)
332 if !bytes.Equal(conn.ConnectionState().TLSUnique, <-serverTLSUniques) {
333 t.Error("client and server channel bindings differ")
337 conn, err = Dial("tcp", ln.Addr().String(), clientConfig)
342 if !conn.ConnectionState().DidResume {
343 t.Error("second session did not use resumption")
345 if !bytes.Equal(conn.ConnectionState().TLSUnique, <-serverTLSUniques) {
346 t.Error("client and server channel bindings differ when session resumption is used")
350 func TestVerifyHostname(t *testing.T) {
351 testenv.MustHaveExternalNetwork(t)
353 c, err := Dial("tcp", "www.google.com:https", nil)
357 if err := c.VerifyHostname("www.google.com"); err != nil {
358 t.Fatalf("verify www.google.com: %v", err)
360 if err := c.VerifyHostname("www.yahoo.com"); err == nil {
361 t.Fatalf("verify www.yahoo.com succeeded")
364 c, err = Dial("tcp", "www.google.com:https", &Config{InsecureSkipVerify: true})
368 if err := c.VerifyHostname("www.google.com"); err == nil {
369 t.Fatalf("verify www.google.com succeeded with InsecureSkipVerify=true")
373 func TestVerifyHostnameResumed(t *testing.T) {
374 t.Run("TLSv12", func(t *testing.T) { testVerifyHostnameResumed(t, VersionTLS12) })
375 t.Run("TLSv13", func(t *testing.T) { testVerifyHostnameResumed(t, VersionTLS13) })
378 func testVerifyHostnameResumed(t *testing.T, version uint16) {
379 testenv.MustHaveExternalNetwork(t)
383 ClientSessionCache: NewLRUClientSessionCache(32),
385 for i := 0; i < 2; i++ {
386 c, err := Dial("tcp", "mail.google.com:https", config)
388 t.Fatalf("Dial #%d: %v", i, err)
390 cs := c.ConnectionState()
391 if i > 0 && !cs.DidResume {
392 t.Fatalf("Subsequent connection unexpectedly didn't resume")
394 if cs.Version != version {
395 t.Fatalf("Unexpectedly negotiated version %x", cs.Version)
397 if cs.VerifiedChains == nil {
398 t.Fatalf("Dial #%d: cs.VerifiedChains == nil", i)
400 if err := c.VerifyHostname("mail.google.com"); err != nil {
401 t.Fatalf("verify mail.google.com #%d: %v", i, err)
403 // Give the client a chance to read the server session tickets.
404 c.SetReadDeadline(time.Now().Add(500 * time.Millisecond))
405 if _, err := c.Read(make([]byte, 1)); err != nil {
406 if err, ok := err.(net.Error); !ok || !err.Timeout() {
414 func TestConnCloseBreakingWrite(t *testing.T) {
415 ln := newLocalListener(t)
418 srvCh := make(chan *Conn, 1)
423 sconn, err = ln.Accept()
429 serverConfig := testConfig.Clone()
430 srv := Server(sconn, serverConfig)
431 if err := srv.Handshake(); err != nil {
432 serr = fmt.Errorf("handshake: %v", err)
439 cconn, err := net.Dial("tcp", ln.Addr().String())
445 conn := &changeImplConn{
449 clientConfig := testConfig.Clone()
450 tconn := Client(conn, clientConfig)
451 if err := tconn.Handshake(); err != nil {
461 connClosed := make(chan struct{})
462 conn.closeFunc = func() error {
467 inWrite := make(chan bool, 1)
468 var errConnClosed = errors.New("conn closed for test")
469 conn.writeFunc = func(p []byte) (n int, err error) {
472 return 0, errConnClosed
475 closeReturned := make(chan bool, 1)
478 tconn.Close() // test that this doesn't block forever.
479 closeReturned <- true
482 _, err = tconn.Write([]byte("foo"))
483 if err != errConnClosed {
484 t.Errorf("Write error = %v; want errConnClosed", err)
488 if err := tconn.Close(); err != errClosed {
489 t.Errorf("Close error = %v; want errClosed", err)
493 func TestConnCloseWrite(t *testing.T) {
494 ln := newLocalListener(t)
497 clientDoneChan := make(chan struct{})
499 serverCloseWrite := func() error {
500 sconn, err := ln.Accept()
502 return fmt.Errorf("accept: %v", err)
506 serverConfig := testConfig.Clone()
507 srv := Server(sconn, serverConfig)
508 if err := srv.Handshake(); err != nil {
509 return fmt.Errorf("handshake: %v", err)
513 data, err := ioutil.ReadAll(srv)
518 return fmt.Errorf("Read data = %q; want nothing", data)
521 if err := srv.CloseWrite(); err != nil {
522 return fmt.Errorf("server CloseWrite: %v", err)
525 // Wait for clientCloseWrite to finish, so we know we
526 // tested the CloseWrite before we defer the
527 // sconn.Close above, which would also cause the
528 // client to unblock like CloseWrite.
533 clientCloseWrite := func() error {
534 defer close(clientDoneChan)
536 clientConfig := testConfig.Clone()
537 conn, err := Dial("tcp", ln.Addr().String(), clientConfig)
541 if err := conn.Handshake(); err != nil {
546 if err := conn.CloseWrite(); err != nil {
547 return fmt.Errorf("client CloseWrite: %v", err)
550 if _, err := conn.Write([]byte{0}); err != errShutdown {
551 return fmt.Errorf("CloseWrite error = %v; want errShutdown", err)
554 data, err := ioutil.ReadAll(conn)
559 return fmt.Errorf("Read data = %q; want nothing", data)
564 errChan := make(chan error, 2)
566 go func() { errChan <- serverCloseWrite() }()
567 go func() { errChan <- clientCloseWrite() }()
569 for i := 0; i < 2; i++ {
571 case err := <-errChan:
575 case <-time.After(10 * time.Second):
580 // Also test CloseWrite being called before the handshake is
583 ln2 := newLocalListener(t)
586 netConn, err := net.Dial("tcp", ln2.Addr().String())
590 defer netConn.Close()
591 conn := Client(netConn, testConfig.Clone())
593 if err := conn.CloseWrite(); err != errEarlyCloseWrite {
594 t.Errorf("CloseWrite error = %v; want errEarlyCloseWrite", err)
599 func TestWarningAlertFlood(t *testing.T) {
600 ln := newLocalListener(t)
603 server := func() error {
604 sconn, err := ln.Accept()
606 return fmt.Errorf("accept: %v", err)
610 serverConfig := testConfig.Clone()
611 srv := Server(sconn, serverConfig)
612 if err := srv.Handshake(); err != nil {
613 return fmt.Errorf("handshake: %v", err)
617 _, err = ioutil.ReadAll(srv)
619 return errors.New("unexpected lack of error from server")
621 const expected = "too many ignored"
622 if str := err.Error(); !strings.Contains(str, expected) {
623 return fmt.Errorf("expected error containing %q, but saw: %s", expected, str)
629 errChan := make(chan error, 1)
630 go func() { errChan <- server() }()
632 clientConfig := testConfig.Clone()
633 clientConfig.MaxVersion = VersionTLS12 // there are no warning alerts in TLS 1.3
634 conn, err := Dial("tcp", ln.Addr().String(), clientConfig)
639 if err := conn.Handshake(); err != nil {
643 for i := 0; i < maxUselessRecords+1; i++ {
644 conn.sendAlert(alertNoRenegotiation)
647 if err := <-errChan; err != nil {
652 func TestCloneFuncFields(t *testing.T) {
653 const expectedCount = 5
657 Time: func() time.Time {
661 GetCertificate: func(*ClientHelloInfo) (*Certificate, error) {
665 GetClientCertificate: func(*CertificateRequestInfo) (*Certificate, error) {
669 GetConfigForClient: func(*ClientHelloInfo) (*Config, error) {
673 VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
682 c2.GetCertificate(nil)
683 c2.GetClientCertificate(nil)
684 c2.GetConfigForClient(nil)
685 c2.VerifyPeerCertificate(nil, nil)
687 if called != (1<<expectedCount)-1 {
688 t.Fatalf("expected %d calls but saw calls %b", expectedCount, called)
692 func TestCloneNonFuncFields(t *testing.T) {
694 v := reflect.ValueOf(&c1).Elem()
697 for i := 0; i < typ.NumField(); i++ {
700 // unexported field; not cloned.
704 // testing/quick can't handle functions or interfaces and so
706 switch fn := typ.Field(i).Name; fn {
708 f.Set(reflect.ValueOf(io.Reader(os.Stdin)))
709 case "Time", "GetCertificate", "GetConfigForClient", "VerifyPeerCertificate", "GetClientCertificate":
710 // DeepEqual can't compare functions. If you add a
711 // function field to this list, you must also change
712 // TestCloneFuncFields to ensure that the func field is
715 f.Set(reflect.ValueOf([]Certificate{
716 {Certificate: [][]byte{{'b'}}},
718 case "NameToCertificate":
719 f.Set(reflect.ValueOf(map[string]*Certificate{"a": nil}))
720 case "RootCAs", "ClientCAs":
721 f.Set(reflect.ValueOf(x509.NewCertPool()))
722 case "ClientSessionCache":
723 f.Set(reflect.ValueOf(NewLRUClientSessionCache(10)))
725 f.Set(reflect.ValueOf(io.Writer(os.Stdout)))
727 f.Set(reflect.ValueOf([]string{"a", "b"}))
729 f.Set(reflect.ValueOf("b"))
731 f.Set(reflect.ValueOf(VerifyClientCertIfGiven))
732 case "InsecureSkipVerify", "SessionTicketsDisabled", "DynamicRecordSizingDisabled", "PreferServerCipherSuites":
733 f.Set(reflect.ValueOf(true))
734 case "MinVersion", "MaxVersion":
735 f.Set(reflect.ValueOf(uint16(VersionTLS12)))
736 case "SessionTicketKey":
737 f.Set(reflect.ValueOf([32]byte{}))
739 f.Set(reflect.ValueOf([]uint16{1, 2}))
740 case "CurvePreferences":
741 f.Set(reflect.ValueOf([]CurveID{CurveP256}))
742 case "Renegotiation":
743 f.Set(reflect.ValueOf(RenegotiateOnceAsClient))
745 t.Errorf("all fields must be accounted for, but saw unknown field %q", fn)
750 // DeepEqual also compares unexported fields, thus c2 needs to have run
751 // serverInit in order to be DeepEqual to c1. Cloning it and discarding
752 // the result is sufficient.
755 if !reflect.DeepEqual(&c1, c2) {
756 t.Errorf("clone failed to copy a field")
760 // changeImplConn is a net.Conn which can change its Write and Close
762 type changeImplConn struct {
764 writeFunc func([]byte) (int, error)
765 closeFunc func() error
768 func (w *changeImplConn) Write(p []byte) (n int, err error) {
769 if w.writeFunc != nil {
770 return w.writeFunc(p)
772 return w.Conn.Write(p)
775 func (w *changeImplConn) Close() error {
776 if w.closeFunc != nil {
779 return w.Conn.Close()
782 func throughput(b *testing.B, version uint16, totalBytes int64, dynamicRecordSizingDisabled bool) {
783 ln := newLocalListener(b)
788 // Less than 64KB because Windows appears to use a TCP rwin < 64KB.
790 const bufsize = 32 << 10
793 buf := make([]byte, bufsize)
794 for i := 0; i < N; i++ {
795 sconn, err := ln.Accept()
797 // panic rather than synchronize to avoid benchmark overhead
798 // (cannot call b.Fatal in goroutine)
799 panic(fmt.Errorf("accept: %v", err))
801 serverConfig := testConfig.Clone()
802 serverConfig.CipherSuites = nil // the defaults may prefer faster ciphers
803 serverConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled
804 srv := Server(sconn, serverConfig)
805 if err := srv.Handshake(); err != nil {
806 panic(fmt.Errorf("handshake: %v", err))
808 if _, err := io.CopyBuffer(srv, srv, buf); err != nil {
809 panic(fmt.Errorf("copy buffer: %v", err))
814 b.SetBytes(totalBytes)
815 clientConfig := testConfig.Clone()
816 clientConfig.CipherSuites = nil // the defaults may prefer faster ciphers
817 clientConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled
818 clientConfig.MaxVersion = version
820 buf := make([]byte, bufsize)
821 chunks := int(math.Ceil(float64(totalBytes) / float64(len(buf))))
822 for i := 0; i < N; i++ {
823 conn, err := Dial("tcp", ln.Addr().String(), clientConfig)
827 for j := 0; j < chunks; j++ {
828 _, err := conn.Write(buf)
832 _, err = io.ReadFull(conn, buf)
841 func BenchmarkThroughput(b *testing.B) {
842 for _, mode := range []string{"Max", "Dynamic"} {
843 for size := 1; size <= 64; size <<= 1 {
844 name := fmt.Sprintf("%sPacket/%dMB", mode, size)
845 b.Run(name, func(b *testing.B) {
846 b.Run("TLSv12", func(b *testing.B) {
847 throughput(b, VersionTLS12, int64(size<<20), mode == "Max")
849 b.Run("TLSv13", func(b *testing.B) {
850 throughput(b, VersionTLS13, int64(size<<20), mode == "Max")
857 type slowConn struct {
862 func (c *slowConn) Write(p []byte) (int, error) {
869 time.Sleep(100 * time.Microsecond)
870 allowed := int(time.Since(t0).Seconds()*float64(c.bps)) / 8
871 if allowed > len(p) {
875 n, err := c.Conn.Write(p[wrote:allowed])
885 func latency(b *testing.B, version uint16, bps int, dynamicRecordSizingDisabled bool) {
886 ln := newLocalListener(b)
892 for i := 0; i < N; i++ {
893 sconn, err := ln.Accept()
895 // panic rather than synchronize to avoid benchmark overhead
896 // (cannot call b.Fatal in goroutine)
897 panic(fmt.Errorf("accept: %v", err))
899 serverConfig := testConfig.Clone()
900 serverConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled
901 srv := Server(&slowConn{sconn, bps}, serverConfig)
902 if err := srv.Handshake(); err != nil {
903 panic(fmt.Errorf("handshake: %v", err))
909 clientConfig := testConfig.Clone()
910 clientConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled
911 clientConfig.MaxVersion = version
913 buf := make([]byte, 16384)
914 peek := make([]byte, 1)
916 for i := 0; i < N; i++ {
917 conn, err := Dial("tcp", ln.Addr().String(), clientConfig)
921 // make sure we're connected and previous connection has stopped
922 if _, err := conn.Write(buf[:1]); err != nil {
925 if _, err := io.ReadFull(conn, peek); err != nil {
928 if _, err := conn.Write(buf); err != nil {
931 if _, err = io.ReadFull(conn, peek); err != nil {
938 func BenchmarkLatency(b *testing.B) {
939 for _, mode := range []string{"Max", "Dynamic"} {
940 for _, kbps := range []int{200, 500, 1000, 2000, 5000} {
941 name := fmt.Sprintf("%sPacket/%dkbps", mode, kbps)
942 b.Run(name, func(b *testing.B) {
943 b.Run("TLSv12", func(b *testing.B) {
944 latency(b, VersionTLS12, kbps*1000, mode == "Max")
946 b.Run("TLSv13", func(b *testing.B) {
947 latency(b, VersionTLS13, kbps*1000, mode == "Max")
954 func TestConnectionStateMarshal(t *testing.T) {
955 cs := &ConnectionState{}
956 _, err := json.Marshal(cs)
958 t.Errorf("json.Marshal failed on ConnectionState: %v", err)
962 func TestConnectionState(t *testing.T) {
963 issuer, err := x509.ParseCertificate(testRSACertificateIssuer)
967 rootCAs := x509.NewCertPool()
968 rootCAs.AddCert(issuer)
970 now := func() time.Time { return time.Unix(1476984729, 0) }
972 const alpnProtocol = "golang"
973 const serverName = "example.golang"
974 var scts = [][]byte{[]byte("dummy sct 1"), []byte("dummy sct 2")}
975 var ocsp = []byte("dummy ocsp")
977 for _, v := range []uint16{VersionTLS12, VersionTLS13} {
985 t.Run(name, func(t *testing.T) {
989 Certificates: make([]Certificate, 1),
993 ClientAuth: RequireAndVerifyClientCert,
994 NextProtos: []string{alpnProtocol},
995 ServerName: serverName,
997 config.Certificates[0].Certificate = [][]byte{testRSACertificate}
998 config.Certificates[0].PrivateKey = testRSAPrivateKey
999 config.Certificates[0].SignedCertificateTimestamps = scts
1000 config.Certificates[0].OCSPStaple = ocsp
1002 ss, cs, err := testHandshake(t, config, config)
1004 t.Fatalf("Handshake failed: %v", err)
1007 if ss.Version != v || cs.Version != v {
1008 t.Errorf("Got versions %x (server) and %x (client), expected %x", ss.Version, cs.Version, v)
1011 if !ss.HandshakeComplete || !cs.HandshakeComplete {
1012 t.Errorf("Got HandshakeComplete %v (server) and %v (client), expected true", ss.HandshakeComplete, cs.HandshakeComplete)
1015 if ss.DidResume || cs.DidResume {
1016 t.Errorf("Got DidResume %v (server) and %v (client), expected false", ss.DidResume, cs.DidResume)
1019 if ss.CipherSuite == 0 || cs.CipherSuite == 0 {
1020 t.Errorf("Got invalid cipher suite: %v (server) and %v (client)", ss.CipherSuite, cs.CipherSuite)
1023 if ss.NegotiatedProtocol != alpnProtocol || cs.NegotiatedProtocol != alpnProtocol {
1024 t.Errorf("Got negotiated protocol %q (server) and %q (client), expected %q", ss.NegotiatedProtocol, cs.NegotiatedProtocol, alpnProtocol)
1027 if !cs.NegotiatedProtocolIsMutual {
1028 t.Errorf("Got false NegotiatedProtocolIsMutual on the client side")
1030 // NegotiatedProtocolIsMutual on the server side is unspecified.
1032 if ss.ServerName != serverName {
1033 t.Errorf("Got server name %q, expected %q", ss.ServerName, serverName)
1035 if cs.ServerName != "" {
1036 t.Errorf("Got unexpected server name on the client side")
1039 if len(ss.PeerCertificates) != 1 || len(cs.PeerCertificates) != 1 {
1040 t.Errorf("Got %d (server) and %d (client) peer certificates, expected %d", len(ss.PeerCertificates), len(cs.PeerCertificates), 1)
1043 if len(ss.VerifiedChains) != 1 || len(cs.VerifiedChains) != 1 {
1044 t.Errorf("Got %d (server) and %d (client) verified chains, expected %d", len(ss.VerifiedChains), len(cs.VerifiedChains), 1)
1045 } else if len(ss.VerifiedChains[0]) != 2 || len(cs.VerifiedChains[0]) != 2 {
1046 t.Errorf("Got %d (server) and %d (client) long verified chain, expected %d", len(ss.VerifiedChains[0]), len(cs.VerifiedChains[0]), 2)
1049 if len(cs.SignedCertificateTimestamps) != 2 {
1050 t.Errorf("Got %d SCTs, expected %d", len(cs.SignedCertificateTimestamps), 2)
1052 if !bytes.Equal(cs.OCSPResponse, ocsp) {
1053 t.Errorf("Got OCSPs %x, expected %x", cs.OCSPResponse, ocsp)
1055 // Only TLS 1.3 supports OCSP and SCTs on client certs.
1056 if v == VersionTLS13 {
1057 if len(ss.SignedCertificateTimestamps) != 2 {
1058 t.Errorf("Got %d client SCTs, expected %d", len(ss.SignedCertificateTimestamps), 2)
1060 if !bytes.Equal(ss.OCSPResponse, ocsp) {
1061 t.Errorf("Got client OCSPs %x, expected %x", ss.OCSPResponse, ocsp)
1065 if v == VersionTLS13 {
1066 if ss.TLSUnique != nil || cs.TLSUnique != nil {
1067 t.Errorf("Got TLSUnique %x (server) and %x (client), expected nil in TLS 1.3", ss.TLSUnique, cs.TLSUnique)
1070 if ss.TLSUnique == nil || cs.TLSUnique == nil {
1071 t.Errorf("Got TLSUnique %x (server) and %x (client), expected non-nil", ss.TLSUnique, cs.TLSUnique)
1078 // TestEscapeRoute tests that the library will still work if support for TLS 1.3
1079 // is dropped later in the Go 1.12 cycle.
1080 func TestEscapeRoute(t *testing.T) {
1081 defer func(savedSupportedVersions []uint16) {
1082 supportedVersions = savedSupportedVersions
1083 }(supportedVersions)
1084 supportedVersions = []uint16{
1091 expectVersion(t, testConfig, testConfig, VersionTLS12)
1094 func expectVersion(t *testing.T, clientConfig, serverConfig *Config, v uint16) {
1095 ss, cs, err := testHandshake(t, clientConfig, serverConfig)
1097 t.Fatalf("Handshake failed: %v", err)
1099 if ss.Version != v {
1100 t.Errorf("Server negotiated version %x, expected %x", cs.Version, v)
1102 if cs.Version != v {
1103 t.Errorf("Client negotiated version %x, expected %x", cs.Version, v)
1107 // TestTLS13Switch checks the behavior of GODEBUG=tls13=[0|1]. See Issue 30055.
1108 func TestTLS13Switch(t *testing.T) {
1109 defer func(savedGODEBUG string) {
1110 os.Setenv("GODEBUG", savedGODEBUG)
1111 }(os.Getenv("GODEBUG"))
1113 os.Setenv("GODEBUG", "tls13=0")
1114 tls13Support.Once = sync.Once{} // reset the cache
1116 tls12Config := testConfig.Clone()
1117 tls12Config.MaxVersion = VersionTLS12
1118 expectVersion(t, testConfig, testConfig, VersionTLS12)
1119 expectVersion(t, tls12Config, testConfig, VersionTLS12)
1120 expectVersion(t, testConfig, tls12Config, VersionTLS12)
1121 expectVersion(t, tls12Config, tls12Config, VersionTLS12)
1123 os.Setenv("GODEBUG", "tls13=1")
1124 tls13Support.Once = sync.Once{} // reset the cache
1126 expectVersion(t, testConfig, testConfig, VersionTLS13)
1127 expectVersion(t, tls12Config, testConfig, VersionTLS12)
1128 expectVersion(t, testConfig, tls12Config, VersionTLS12)
1129 expectVersion(t, tls12Config, tls12Config, VersionTLS12)
1132 // Issue 28744: Ensure that we don't modify memory
1133 // that Config doesn't own such as Certificates.
1134 func TestBuildNameToCertificate_doesntModifyCertificates(t *testing.T) {
1136 Certificate: [][]byte{testRSACertificate},
1137 PrivateKey: testRSAPrivateKey,
1140 Certificate: [][]byte{testSNICertificate},
1141 PrivateKey: testRSAPrivateKey,
1143 config := testConfig.Clone()
1144 config.Certificates = []Certificate{c0, c1}
1146 config.BuildNameToCertificate()
1147 got := config.Certificates
1148 want := []Certificate{c0, c1}
1149 if !reflect.DeepEqual(got, want) {
1150 t.Fatalf("Certificates were mutated by BuildNameToCertificate\nGot: %#v\nWant: %#v\n", got, want)