TestVerifyConnection will set up a client/server connection and check revocation in the real TLS dialer
(t *testing.T)
| 498 | |
| 499 | // TestVerifyConnection will setup a client/server connection and check revocation in the real TLS dialer |
| 500 | func TestVerifyConnection(t *testing.T) { |
| 501 | lis, cert, key := setupTLSConn(t) |
| 502 | defer func() { |
| 503 | lis.Close() |
| 504 | }() |
| 505 | |
| 506 | var handshakeTests = []struct { |
| 507 | desc string |
| 508 | revoked []pkix.RevokedCertificate |
| 509 | success bool |
| 510 | }{ |
| 511 | { |
| 512 | desc: "Empty CRL", |
| 513 | revoked: []pkix.RevokedCertificate{}, |
| 514 | success: true, |
| 515 | }, |
| 516 | { |
| 517 | desc: "Revoked Cert", |
| 518 | revoked: []pkix.RevokedCertificate{ |
| 519 | { |
| 520 | SerialNumber: cert.SerialNumber, |
| 521 | RevocationTime: time.Now(), |
| 522 | }, |
| 523 | }, |
| 524 | success: false, |
| 525 | }, |
| 526 | } |
| 527 | for _, tt := range handshakeTests { |
| 528 | t.Run(tt.desc, func(t *testing.T) { |
| 529 | // Accept one connection. |
| 530 | go func() { |
| 531 | conn, err := lis.Accept() |
| 532 | if err != nil { |
| 533 | t.Errorf("tls.Accept failed err = %v", err) |
| 534 | } else { |
| 535 | conn.Write([]byte("Hello, World!")) |
| 536 | conn.Close() |
| 537 | } |
| 538 | }() |
| 539 | |
| 540 | dir, err := os.MkdirTemp("", "crl_dir") |
| 541 | if err != nil { |
| 542 | t.Fatalf("os.MkdirTemp failed err = %v", err) |
| 543 | } |
| 544 | defer os.RemoveAll(dir) |
| 545 | |
| 546 | template := &x509.RevocationList{ |
| 547 | RevokedCertificates: tt.revoked, |
| 548 | ThisUpdate: time.Now(), |
| 549 | NextUpdate: time.Now().Add(time.Hour), |
| 550 | Number: big.NewInt(1), |
| 551 | } |
| 552 | crl, err := x509.CreateRevocationList(rand.Reader, template, cert, key) |
| 553 | if err != nil { |
| 554 | t.Fatalf("templ.CreateRevocationList failed err = %v", err) |
| 555 | } |
| 556 | |
| 557 | err = os.WriteFile(path.Join(dir, fmt.Sprintf("%s.r0", cert.Subject.ToRDNSequence())), crl, 0777) |