MCPcopy
hub / github.com/grpc/grpc-go / TestClientCredsHandshakeFailure

Method TestClientCredsHandshakeFailure

credentials/xds/xds_client_test.go:502–593  ·  view source on GitHub ↗

TestClientCredsHandshakeFailure verifies different handshake failure cases.

(t *testing.T)

Source from the content-addressed store, hash-verified

500
501// TestClientCredsHandshakeFailure verifies different handshake failure cases.
502func (s) TestClientCredsHandshakeFailure(t *testing.T) {
503 tests := []struct {
504 desc string
505 handshakeFunc testHandshakeFunc
506 rootProvider certprovider.Provider
507 san string
508 sni string
509 validateSANUsingSNI bool
510 enableSNIFlag bool
511 wantErr string
512 }{
513 {
514 desc: "cert validation failure",
515 handshakeFunc: testServerTLSHandshake,
516 rootProvider: makeRootProvider(t, "x509/client_ca_cert.pem"),
517 san: defaultTestCertSAN,
518 wantErr: "x509: certificate signed by unknown authority",
519 },
520 {
521 desc: "SAN mismatch",
522 handshakeFunc: testServerTLSHandshake,
523 rootProvider: makeRootProvider(t, "x509/server_ca_cert.pem"),
524 san: "bad-san",
525 wantErr: "do not match any of the accepted SANs",
526 },
527 {
528 desc: "SNI SAN mismatch",
529 handshakeFunc: testServerTLSHandshake,
530 rootProvider: makeRootProvider(t, "x509/server_ca_cert.pem"),
531 sni: "bad-sni",
532 validateSANUsingSNI: true,
533 wantErr: "do not match the SNI",
534 enableSNIFlag: true,
535 },
536 {
537 desc: "SNI set, AutoSniSanValidation disabled with SAN mismatch",
538 handshakeFunc: testServerTLSHandshake,
539 rootProvider: makeRootProvider(t, "x509/server_ca_cert.pem"),
540 sni: defaultTestCertSAN,
541 san: "bad-san",
542 validateSANUsingSNI: false,
543 wantErr: "do not match any of the accepted SANs",
544 enableSNIFlag: true,
545 },
546 {
547 desc: "SNI set with SAN mismatch and AutoSniSanValidation enabled, environment variable disabled",
548 handshakeFunc: testServerTLSHandshake,
549 rootProvider: makeRootProvider(t, "x509/server_ca_cert.pem"),
550 sni: defaultTestCertSAN,
551 san: "bad-san",
552 validateSANUsingSNI: true,
553 wantErr: "do not match any of the accepted SANs",
554 },
555 {
556 desc: "SNI empty, AutoSniSanValidation enabled with SAN mismatch",
557 handshakeFunc: testServerTLSHandshake,
558 rootProvider: makeRootProvider(t, "x509/server_ca_cert.pem"),
559 sni: "",

Callers

nothing calls this directly

Calls 12

SetEnvConfigFunction · 0.92
makeFallbackClientCredsFunction · 0.85
NewClientCredentialsFunction · 0.85
makeRootProviderFunction · 0.70
stopMethod · 0.65
FatalfMethod · 0.65
CloseMethod · 0.65
ClientHandshakeMethod · 0.65
ErrorMethod · 0.65
DialMethod · 0.45

Tested by

no test coverage detected