MCPcopy
hub / github.com/nats-io/nats.go / TestTLSEOFAfterHandshakeNonTLSFirst

Function TestTLSEOFAfterHandshakeNonTLSFirst

test/conn_test.go:3572–3628  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

3570}
3571
3572func TestTLSEOFAfterHandshakeNonTLSFirst(t *testing.T) {
3573 // When the server requires TLS (but not handshake-first), completes
3574 // the TLS handshake via the INFO-driven upgrade, then immediately
3575 // closes, the error should also be wrapped.
3576
3577 tc := &server.TLSConfigOpts{
3578 CertFile: "./configs/certs/server.pem",
3579 KeyFile: "./configs/certs/key.pem",
3580 }
3581 tlsConf, err := server.GenTLSConfig(tc)
3582 if err != nil {
3583 t.Fatalf("Can't build TLSConfig: %v", err)
3584 }
3585 tlsConf.ServerName = "localhost"
3586
3587 l, err := net.Listen("tcp", "127.0.0.1:0")
3588 if err != nil {
3589 t.Fatalf("Could not listen: %v", err)
3590 }
3591 defer l.Close()
3592
3593 addr := l.Addr().(*net.TCPAddr)
3594
3595 // Mock server: send INFO requiring TLS, do TLS upgrade, then close.
3596 go func() {
3597 conn, err := l.Accept()
3598 if err != nil {
3599 return
3600 }
3601 defer conn.Close()
3602
3603 // Send INFO with tls_required before TLS handshake.
3604 info := fmt.Sprintf("INFO {\"server_id\":\"test\",\"host\":\"localhost\",\"port\":%d,\"tls_required\":true,\"tls_available\":true,\"max_payload\":1048576}\r\n", addr.Port)
3605 conn.Write([]byte(info))
3606
3607 // Upgrade to TLS.
3608 tlsConn := tls.Server(conn, tlsConf)
3609 if err := tlsConn.Handshake(); err != nil {
3610 return
3611 }
3612 // Wait a bit so the client starts writing CONNECT+PING,
3613 // then close — this makes "broken pipe" more likely.
3614 time.Sleep(50 * time.Millisecond)
3615 tlsConn.Close()
3616 }()
3617
3618 _, err = nats.Connect(
3619 fmt.Sprintf("nats://localhost:%d", addr.Port),
3620 nats.RootCAs("./configs/certs/ca.pem"),
3621 )
3622 if err == nil {
3623 t.Fatal("Expected error, got nil")
3624 }
3625 if !errors.Is(err, nats.ErrTLS) {
3626 t.Fatalf("Expected error to wrap nats.ErrTLS, got: %v", err)
3627 }
3628}
3629

Callers

nothing calls this directly

Calls 5

FatalfMethod · 0.80
ConnectMethod · 0.80
CloseMethod · 0.45
WriteMethod · 0.45
IsMethod · 0.45

Tested by

no test coverage detected