(t *testing.T)
| 235 | } |
| 236 | |
| 237 | func (s) TestServerOptionsConfigErrorCases(t *testing.T) { |
| 238 | tests := []struct { |
| 239 | desc string |
| 240 | requireClientCert bool |
| 241 | serverVerificationType VerificationType |
| 242 | IdentityOptions IdentityCertificateOptions |
| 243 | RootOptions RootCertificateOptions |
| 244 | MinVersion uint16 |
| 245 | MaxVersion uint16 |
| 246 | }{ |
| 247 | { |
| 248 | desc: "Skip default verification and provide no root credentials", |
| 249 | requireClientCert: true, |
| 250 | serverVerificationType: SkipVerification, |
| 251 | }, |
| 252 | { |
| 253 | desc: "More than one fields in RootCertificateOptions is specified", |
| 254 | requireClientCert: true, |
| 255 | serverVerificationType: CertVerification, |
| 256 | RootOptions: RootCertificateOptions{ |
| 257 | RootCertificates: x509.NewCertPool(), |
| 258 | GetRootCertificates: func(*ConnectionInfo) (*RootCertificates, error) { |
| 259 | return nil, nil |
| 260 | }, |
| 261 | }, |
| 262 | }, |
| 263 | { |
| 264 | desc: "More than one fields in IdentityCertificateOptions is specified", |
| 265 | serverVerificationType: CertVerification, |
| 266 | IdentityOptions: IdentityCertificateOptions{ |
| 267 | Certificates: []tls.Certificate{}, |
| 268 | IdentityProvider: fakeProvider{pt: provTypeIdentity}, |
| 269 | }, |
| 270 | }, |
| 271 | { |
| 272 | desc: "no field in IdentityCertificateOptions is specified", |
| 273 | serverVerificationType: CertVerification, |
| 274 | }, |
| 275 | { |
| 276 | desc: "Specify GetIdentityCertificatesForClient", |
| 277 | IdentityOptions: IdentityCertificateOptions{ |
| 278 | GetIdentityCertificatesForClient: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { |
| 279 | return nil, nil |
| 280 | }, |
| 281 | }, |
| 282 | }, |
| 283 | { |
| 284 | desc: "Invalid min/max TLS versions", |
| 285 | MinVersion: tls.VersionTLS13, |
| 286 | MaxVersion: tls.VersionTLS12, |
| 287 | }, |
| 288 | } |
| 289 | for _, test := range tests { |
| 290 | test := test |
| 291 | t.Run(test.desc, func(t *testing.T) { |
| 292 | serverOptions := &Options{ |
| 293 | VerificationType: test.serverVerificationType, |
| 294 | RequireClientCert: test.requireClientCert, |
nothing calls this directly
no test coverage detected