(t *testing.T)
| 288 | } |
| 289 | |
| 290 | func TestWSWithTLS(t *testing.T) { |
| 291 | for _, test := range []struct { |
| 292 | name string |
| 293 | compression bool |
| 294 | }{ |
| 295 | {"without compression", false}, |
| 296 | {"with compression", true}, |
| 297 | } { |
| 298 | t.Run(test.name, func(t *testing.T) { |
| 299 | sopts := testWSGetDefaultOptions(t, true) |
| 300 | sopts.Websocket.Compression = test.compression |
| 301 | s := RunServerWithOptions(sopts) |
| 302 | defer s.Shutdown() |
| 303 | |
| 304 | var copts []nats.Option |
| 305 | if test.compression { |
| 306 | copts = append(copts, nats.Compression(true)) |
| 307 | } |
| 308 | |
| 309 | // Check that we fail to connect without proper TLS configuration. |
| 310 | nc, err := nats.Connect(fmt.Sprintf("ws://localhost:%d", sopts.Websocket.Port), copts...) |
| 311 | if err == nil { |
| 312 | if nc != nil { |
| 313 | nc.Close() |
| 314 | } |
| 315 | t.Fatal("Expected error, got none") |
| 316 | } |
| 317 | |
| 318 | // Same but with wss protocol, which should translate to TLS, however, |
| 319 | // since we used self signed certificates, this should fail without |
| 320 | // asking to skip server cert verification. |
| 321 | nc, err = nats.Connect(fmt.Sprintf("wss://localhost:%d", sopts.Websocket.Port), copts...) |
| 322 | // Since Go 1.18, we had to regenerate certs to not have to use GODEBUG="x509sha1=1" |
| 323 | // But on macOS, with our test CA certs, no SCTs included, it will fail |
| 324 | // for the reason "x509: “localhost” certificate is not standards compliant" |
| 325 | // instead of "unknown authority". |
| 326 | if err == nil || (!strings.Contains(err.Error(), "authority") && !strings.Contains(err.Error(), "compliant")) { |
| 327 | if nc != nil { |
| 328 | nc.Close() |
| 329 | } |
| 330 | t.Fatalf("Expected error about unknown authority: %v", err) |
| 331 | } |
| 332 | |
| 333 | // Skip server verification and we should be good. |
| 334 | copts = append(copts, nats.Secure(&tls.Config{InsecureSkipVerify: true})) |
| 335 | nc, err = nats.Connect(fmt.Sprintf("wss://localhost:%d", sopts.Websocket.Port), copts...) |
| 336 | if err != nil { |
| 337 | t.Fatalf("Error on connect: %v", err) |
| 338 | } |
| 339 | defer nc.Close() |
| 340 | |
| 341 | sub, err := nc.SubscribeSync("foo") |
| 342 | if err != nil { |
| 343 | t.Fatalf("Error on subscribe: %v", err) |
| 344 | } |
| 345 | if err := nc.Publish("foo", []byte("hello")); err != nil { |
| 346 | t.Fatalf("Error on publish: %v", err) |
| 347 | } |
nothing calls this directly
no test coverage detected