MCPcopy
hub / github.com/nats-io/nats.go / TestTLSDontSkipVerify

Function TestTLSDontSkipVerify

test/conn_test.go:2906–2938  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

2904}
2905
2906func TestTLSDontSkipVerify(t *testing.T) {
2907 s, opts := RunServerWithConfig("./configs/tls_noip_a.conf")
2908 defer s.Shutdown()
2909
2910 // Connect with nats:// prefix to a server that requires TLS.
2911 // The library will automatically switch to TLS, but we should
2912 // not skip hostname verification.
2913 sURL := fmt.Sprintf("nats://derek:porkchop@127.0.0.1:%d", opts.Port)
2914 nc, err := nats.Connect(sURL, nats.RootCAs("./configs/certs/ca.pem"))
2915 // Verify that error is about hostname verification
2916 if err == nil || !strings.Contains(err.Error(), "IP SAN") {
2917 if nc != nil {
2918 nc.Close()
2919 }
2920 t.Fatalf("Expected error about hostname verification, got %v", err)
2921 }
2922 // Check that we can override skip verify by providing our own TLS Config.
2923 nc, err = nats.Connect(sURL, nats.RootCAs("./configs/certs/ca.pem"),
2924 nats.Secure(&tls.Config{InsecureSkipVerify: true}))
2925 if err != nil {
2926 t.Fatalf("Error on connect: %v", err)
2927 }
2928 nc.Close()
2929
2930 // Now change the URL to include hostname and verify that using
2931 // nats:// scheme does work.
2932 sURL = fmt.Sprintf("nats://derek:porkchop@%s:%d", opts.Host, opts.Port)
2933 nc, err = nats.Connect(sURL, nats.RootCAs("./configs/certs/ca.pem"))
2934 if err != nil {
2935 t.Fatalf("Error on connect: %v", err)
2936 }
2937 nc.Close()
2938}
2939
2940func TestRetryOnFailedConnect(t *testing.T) {
2941 nc, err := nats.Connect(nats.DefaultURL)

Callers

nothing calls this directly

Calls 5

ConnectMethod · 0.80
FatalfMethod · 0.80
RunServerWithConfigFunction · 0.70
ErrorMethod · 0.65
CloseMethod · 0.45

Tested by

no test coverage detected