MCPcopy
hub / github.com/grpc/grpc-go / makeClientTLSConfig

Function makeClientTLSConfig

credentials/xds/xds_server_test.go:39–71  ·  view source on GitHub ↗
(t *testing.T, mTLS bool)

Source from the content-addressed store, hash-verified

37)
38
39func makeClientTLSConfig(t *testing.T, mTLS bool) *tls.Config {
40 t.Helper()
41
42 pemData, err := os.ReadFile(testdata.Path("x509/server_ca_cert.pem"))
43 if err != nil {
44 t.Fatal(err)
45 }
46 roots := x509.NewCertPool()
47 roots.AppendCertsFromPEM(pemData)
48
49 var certs []tls.Certificate
50 if mTLS {
51 cert, err := tls.LoadX509KeyPair(testdata.Path("x509/client1_cert.pem"), testdata.Path("x509/client1_key.pem"))
52 if err != nil {
53 t.Fatal(err)
54 }
55 certs = append(certs, cert)
56 }
57
58 return &tls.Config{
59 Certificates: certs,
60 RootCAs: roots,
61 ServerName: "*.test.example.com",
62 // Setting this to true completely turns off the certificate validation
63 // on the client side. So, the client side handshake always seems to
64 // succeed. But if we want to turn this ON, we will need to generate
65 // certificates which work with localhost, or supply a custom
66 // verification function. So, the server credentials tests will rely
67 // solely on the success/failure of the server-side handshake.
68 InsecureSkipVerify: true,
69 NextProtos: []string{"h2"},
70 }
71}
72
73// Helper function to create a real TLS server credentials which is used as
74// fallback credentials from multiple tests.

Calls 2

PathFunction · 0.92
FatalMethod · 0.65

Tested by

no test coverage detected