(t *testing.T)
| 2904 | } |
| 2905 | |
| 2906 | func TestTLSDontSkipVerify(t *testing.T) { |
| 2907 | s, opts := RunServerWithConfig("./configs/tls_noip_a.conf") |
| 2908 | defer s.Shutdown() |
| 2909 | |
| 2910 | // Connect with nats:// prefix to a server that requires TLS. |
| 2911 | // The library will automatically switch to TLS, but we should |
| 2912 | // not skip hostname verification. |
| 2913 | sURL := fmt.Sprintf("nats://derek:porkchop@127.0.0.1:%d", opts.Port) |
| 2914 | nc, err := nats.Connect(sURL, nats.RootCAs("./configs/certs/ca.pem")) |
| 2915 | // Verify that error is about hostname verification |
| 2916 | if err == nil || !strings.Contains(err.Error(), "IP SAN") { |
| 2917 | if nc != nil { |
| 2918 | nc.Close() |
| 2919 | } |
| 2920 | t.Fatalf("Expected error about hostname verification, got %v", err) |
| 2921 | } |
| 2922 | // Check that we can override skip verify by providing our own TLS Config. |
| 2923 | nc, err = nats.Connect(sURL, nats.RootCAs("./configs/certs/ca.pem"), |
| 2924 | nats.Secure(&tls.Config{InsecureSkipVerify: true})) |
| 2925 | if err != nil { |
| 2926 | t.Fatalf("Error on connect: %v", err) |
| 2927 | } |
| 2928 | nc.Close() |
| 2929 | |
| 2930 | // Now change the URL to include hostname and verify that using |
| 2931 | // nats:// scheme does work. |
| 2932 | sURL = fmt.Sprintf("nats://derek:porkchop@%s:%d", opts.Host, opts.Port) |
| 2933 | nc, err = nats.Connect(sURL, nats.RootCAs("./configs/certs/ca.pem")) |
| 2934 | if err != nil { |
| 2935 | t.Fatalf("Error on connect: %v", err) |
| 2936 | } |
| 2937 | nc.Close() |
| 2938 | } |
| 2939 | |
| 2940 | func TestRetryOnFailedConnect(t *testing.T) { |
| 2941 | nc, err := nats.Connect(nats.DefaultURL) |
nothing calls this directly
no test coverage detected