badssl_test.go
package netemx
import (
"context"
"crypto/tls"
"fmt"
"net"
"testing"
"github.com/apex/log"
"github.com/ooni/probe-cli/v3/internal/netxlite"
)
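// TestBadSSL dials the emulated badssl.com endpoint (AddressBadSSLCom:443)
// once per test case, each time with a different tls.Config.ServerName, and
// requires that the TLS dial fails with the expected netxlite failure string
// and returns no connection.
//
// These are negative tests: each case must fail certificate verification.
// An unexpectedly successful handshake is a test failure, and the test also
// asserts that no connection is handed back together with an error.
func TestBadSSL(t *testing.T) {
	env := MustNewScenario(InternetScenario)
	defer env.Close()

	env.Do(func() {
		// testcase is a testcase supported by this function
		type testcase struct {
			// serverName is the value placed in tls.Config.ServerName, i.e. the
			// name sent as SNI and checked against the peer certificate.
			serverName string

			// expectErr is the exact string that err.Error() must return.
			expectErr string
		}

		testcases := []testcase{{
			serverName: "untrusted-root.badssl.com",
			expectErr:  netxlite.FailureSSLUnknownAuthority,
		}, {
			serverName: "wrong.host.badssl.com",
			expectErr:  netxlite.FailureSSLInvalidHostname,
		}, {
			serverName: "expired.badssl.com",
			expectErr:  netxlite.FailureSSLInvalidCertificate,
		}, {
			// Make sure that we can use the badssl server as something we can
			// force using the DNS to cause a failure: the endpoint below is
			// always the badssl address, so asking it for an unrelated name
			// must not yield a trusted certificate.
			serverName: "www.example.com",
			expectErr:  netxlite.FailureSSLUnknownAuthority,
		}}

		for _, tc := range testcases {
			t.Run(fmt.Sprintf("for %s expect %s", tc.serverName, tc.expectErr), func(t *testing.T) {
				tlsConfig := &tls.Config{ServerName: tc.serverName}

				netx := &netxlite.Netx{}
				tlsDialer := netxlite.NewTLSDialerWithConfig(
					netx.NewDialerWithoutResolver(log.Log),
					netx.NewTLSHandshakerStdlib(log.Log),
					tlsConfig,
				)

				// The TCP endpoint is the same for every case; only the
				// requested server name changes.
				endpoint := net.JoinHostPort(AddressBadSSLCom, "443")
				conn, err := tlsDialer.DialTLSContext(context.Background(), "tcp", endpoint)

				if err == nil {
					// The handshake must never succeed here. Close the
					// connection before failing so it is not leaked.
					if conn != nil {
						conn.Close()
					}
					t.Fatalf("handshake for %s unexpectedly succeeded, expected %s",
						tc.serverName, tc.expectErr)
				}
				if err.Error() != tc.expectErr {
					t.Fatalf("unexpected error for %s: expected %q, got %q",
						tc.serverName, tc.expectErr, err.Error())
				}

				// A failed verification must not hand back a usable connection.
				if conn != nil {
					conn.Close()
					t.Fatal("expected nil conn")
				}
			})
		}
	})
}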