"io"
"math/big"
"net"
- "os"
"strings"
"sync"
"time"
if c != nil && c.MaxVersion != 0 && v > c.MaxVersion {
continue
}
- // TLS 1.3 is opt-out in Go 1.13.
- if v == VersionTLS13 && !isTLS13Supported() {
- continue
- }
versions = append(versions, v)
}
return versions
}
-// tls13Support caches the result for isTLS13Supported.
-var tls13Support struct {
- sync.Once
- cached bool
-}
-
-// isTLS13Supported returns whether the program enabled TLS 1.3 by not opting
-// out with GODEBUG=tls13=0. It's cached after the first execution.
-func isTLS13Supported() bool {
- tls13Support.Do(func() {
- tls13Support.cached = goDebugString("tls13") != "0"
- })
- return tls13Support.cached
-}
-
-// goDebugString returns the value of the named GODEBUG key.
-// GODEBUG is of the form "key=val,key2=val2".
-func goDebugString(key string) string {
- s := os.Getenv("GODEBUG")
- for i := 0; i < len(s)-len(key)-1; i++ {
- if i > 0 && s[i-1] != ',' {
- continue
- }
- afterKey := s[i+len(key):]
- if afterKey[0] != '=' || s[i:i+len(key)] != key {
- continue
- }
- val := afterKey[1:]
- for i, b := range val {
- if b == ',' {
- return val[:i]
- }
- }
- return val
- }
- return ""
-}
-
func (c *Config) maxSupportedVersion() uint16 {
supportedVersions := c.supportedVersions()
if len(supportedVersions) == 0 {
"os"
"reflect"
"strings"
- "sync"
"testing"
"time"
)
}
}
-// TestEscapeRoute tests that the library will still work if support for TLS 1.3
-// is dropped later in the Go 1.12 cycle.
-func TestEscapeRoute(t *testing.T) {
- defer func(savedSupportedVersions []uint16) {
- supportedVersions = savedSupportedVersions
- }(supportedVersions)
- supportedVersions = []uint16{
- VersionTLS12,
- VersionTLS11,
- VersionTLS10,
- }
-
- expectVersion(t, testConfig, testConfig, VersionTLS12)
-}
-
-func expectVersion(t *testing.T, clientConfig, serverConfig *Config, v uint16) {
- ss, cs, err := testHandshake(t, clientConfig, serverConfig)
- if err != nil {
- t.Fatalf("Handshake failed: %v", err)
- }
- if ss.Version != v {
- t.Errorf("Server negotiated version %x, expected %x", cs.Version, v)
- }
- if cs.Version != v {
- t.Errorf("Client negotiated version %x, expected %x", cs.Version, v)
- }
-}
-
-// TestTLS13Switch checks the behavior of GODEBUG=tls13=[0|1]. See Issue 30055.
-func TestTLS13Switch(t *testing.T) {
- defer func(savedGODEBUG string) {
- os.Setenv("GODEBUG", savedGODEBUG)
- }(os.Getenv("GODEBUG"))
-
- os.Setenv("GODEBUG", "tls13=0")
- tls13Support.Once = sync.Once{} // reset the cache
-
- tls12Config := testConfig.Clone()
- tls12Config.MaxVersion = VersionTLS12
- expectVersion(t, testConfig, testConfig, VersionTLS12)
- expectVersion(t, tls12Config, testConfig, VersionTLS12)
- expectVersion(t, testConfig, tls12Config, VersionTLS12)
- expectVersion(t, tls12Config, tls12Config, VersionTLS12)
-
- os.Setenv("GODEBUG", "tls13=1")
- tls13Support.Once = sync.Once{} // reset the cache
-
- expectVersion(t, testConfig, testConfig, VersionTLS13)
- expectVersion(t, tls12Config, testConfig, VersionTLS12)
- expectVersion(t, testConfig, tls12Config, VersionTLS12)
- expectVersion(t, tls12Config, tls12Config, VersionTLS12)
-}
-
// Issue 28744: Ensure that we don't modify memory
// that Config doesn't own such as Certificates.
func TestBuildNameToCertificate_doesntModifyCertificates(t *testing.T) {