(t *testing.T)
| 454 | } |
| 455 | |
// setupTLSConn builds the server half of a TLS test fixture. It returns a TLS
// listener bound to an ephemeral port on the IPv6 loopback address, the parsed
// self-signed certificate the listener presents, and that certificate's private
// key.
//
// Every failure aborts the calling test through t.Fatalf. The listener is not
// closed here, so the caller owns its lifetime.
func setupTLSConn(t *testing.T) (net.Listener, *x509.Certificate, *ecdsa.PrivateKey) {
	t.Helper()

	// The SAN must cover the address the listener binds to below.
	loopback := net.IP(netip.MustParseAddr("::1").AsSlice())

	// One certificate plays both roles: it is marked as a CA (so it can sign
	// itself and CRLs) and carries the server/client auth EKUs (so it can be
	// presented as a leaf). The validity window is one hour either side of now.
	template := x509.Certificate{
		SerialNumber:          big.NewInt(5),
		BasicConstraintsValid: true,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  true,
		Subject:               pkix.Name{CommonName: "test-cert"},
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IPAddresses:           []net.IP{loopback},
		// The distribution point is only embedded in the certificate; nothing in
		// this helper fetches it.
		// NOTE(review): whether the code under test ever dereferences this URL is
		// not visible from here — confirm the tests stay hermetic.
		CRLDistributionPoints: []string{"http://static.corp.google.com/crl/campus-sln/borg"},
	}

	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		t.Fatalf("ecdsa.GenerateKey failed err = %v", err)
	}

	// Template and parent are the same value, which makes the result self-signed.
	der, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
	if err != nil {
		t.Fatalf("x509.CreateCertificate failed err = %v", err)
	}

	// Re-parse the DER so the caller receives a fully populated *x509.Certificate.
	parsed, err := x509.ParseCertificate(der)
	if err != nil {
		t.Fatalf("x509.ParseCertificate failed err = %v", err)
	}

	// No MinVersion, ClientAuth or ClientCAs are set, so crypto/tls defaults
	// apply to the server side of the handshake.
	identity := tls.Certificate{
		Certificate: [][]byte{parsed.Raw},
		PrivateKey:  priv,
	}
	serverConfig := &tls.Config{
		Certificates: []tls.Certificate{identity},
	}

	// Port 0 lets the kernel choose a free port.
	lis, err := tls.Listen("tcp6", "[::1]:0", serverConfig)
	if err != nil {
		t.Fatalf("tls.Listen failed err = %v", err)
	}
	return lis, parsed, priv
}
| 498 | |
| 499 | // TestVerifyConnection sets up a client/server connection and checks revocation in the real TLS dialer. |
| 500 | func TestVerifyConnection(t *testing.T) { |