ooni-probe-cli/internal/engine/netx/tlsdialer/saver_test.go

package tlsdialer_test

import (
	"context"
	"crypto/tls"
	"net"
	"reflect"
	"testing"
	"time"

	"github.com/ooni/probe-cli/v3/internal/engine/netx/dialer"
	"github.com/ooni/probe-cli/v3/internal/engine/netx/tlsdialer"
	"github.com/ooni/probe-cli/v3/internal/engine/netx/trace"
	"github.com/ooni/probe-cli/v3/internal/netxlite"
)

func TestSaverTLSHandshakerSuccessWithReadWrite(t *testing.T) {
	// This is the most common use case for collecting reads, writes
	if testing.Short() {
		t.Skip("skip test in short mode")
	}
	nextprotos := []string{"h2"}
	saver := &trace.Saver{}
	tlsdlr := &netxlite.TLSDialerLegacy{
		Config: &tls.Config{NextProtos: nextprotos},
		Dialer: netxlite.NewDialerLegacyAdapter(
			dialer.New(&dialer.Config{ReadWriteSaver: saver}, &net.Resolver{}),
		),
		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
			TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
			Saver:         saver,
		},
	}
	// Implementation note: we don't close the connection here because it is
	// very handy to have the last event being the end of the handshake
	_, err := tlsdlr.DialTLSContext(context.Background(), "tcp", "www.google.com:443")
	if err != nil {
		t.Fatal(err)
	}
	ev := saver.Read()
	if len(ev) < 4 {
		// it's a bit tricky to be sure about the right number of
		// events because network conditions may influence that
		t.Fatal("unexpected number of events")
	}
	if ev[0].Name != "tls_handshake_start" {
		t.Fatal("unexpected Name")
	}
	if ev[0].TLSServerName != "www.google.com" {
		t.Fatal("unexpected TLSServerName")
	}
	if !reflect.DeepEqual(ev[0].TLSNextProtos, nextprotos) {
		t.Fatal("unexpected TLSNextProtos")
	}
	if ev[0].Time.After(time.Now()) {
		t.Fatal("unexpected Time")
	}
	last := len(ev) - 1
	for idx := 1; idx < last; idx++ {
		if ev[idx].Data == nil {
			t.Fatal("unexpected Data")
		}
		if ev[idx].Duration <= 0 {
			t.Fatal("unexpected Duration")
		}
		if ev[idx].Err != nil {
			t.Fatal("unexpected Err")
		}
		if ev[idx].NumBytes <= 0 {
			t.Fatal("unexpected NumBytes")
		}
		switch ev[idx].Name {
		case netxlite.ReadOperation, netxlite.WriteOperation:
		default:
			t.Fatal("unexpected Name")
		}
		if ev[idx].Time.Before(ev[idx-1].Time) {
			t.Fatal("unexpected Time")
		}
	}
	if ev[last].Duration <= 0 {
		t.Fatal("unexpected Duration")
	}
	if ev[last].Err != nil {
		t.Fatal("unexpected Err")
	}
	if ev[last].Name != "tls_handshake_done" {
		t.Fatal("unexpected Name")
	}
	if ev[last].TLSCipherSuite == "" {
		t.Fatal("unexpected TLSCipherSuite")
	}
	if ev[last].TLSNegotiatedProto != "h2" {
		t.Fatal("unexpected TLSNegotiatedProto")
	}
	if !reflect.DeepEqual(ev[last].TLSNextProtos, nextprotos) {
		t.Fatal("unexpected TLSNextProtos")
	}
	if ev[last].TLSPeerCerts == nil {
		t.Fatal("unexpected TLSPeerCerts")
	}
	if ev[last].TLSServerName != "www.google.com" {
		t.Fatal("unexpected TLSServerName")
	}
	if ev[last].TLSVersion == "" {
		t.Fatal("unexpected TLSVersion")
	}
	if ev[last].Time.Before(ev[last-1].Time) {
		t.Fatal("unexpected Time")
	}
}

func TestSaverTLSHandshakerSuccess(t *testing.T) {
	if testing.Short() {
		t.Skip("skip test in short mode")
	}
	nextprotos := []string{"h2"}
	saver := &trace.Saver{}
	tlsdlr := &netxlite.TLSDialerLegacy{
		Config: &tls.Config{NextProtos: nextprotos},
		Dialer: netxlite.DefaultDialer,
		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
			TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
			Saver:         saver,
		},
	}
	conn, err := tlsdlr.DialTLSContext(context.Background(), "tcp", "www.google.com:443")
	if err != nil {
		t.Fatal(err)
	}
	conn.Close()
	ev := saver.Read()
	if len(ev) != 2 {
		t.Fatal("unexpected number of events")
	}
	if ev[0].Name != "tls_handshake_start" {
		t.Fatal("unexpected Name")
	}
	if ev[0].TLSServerName != "www.google.com" {
		t.Fatal("unexpected TLSServerName")
	}
	if !reflect.DeepEqual(ev[0].TLSNextProtos, nextprotos) {
		t.Fatal("unexpected TLSNextProtos")
	}
	if ev[0].Time.After(time.Now()) {
		t.Fatal("unexpected Time")
	}
	if ev[1].Duration <= 0 {
		t.Fatal("unexpected Duration")
	}
	if ev[1].Err != nil {
		t.Fatal("unexpected Err")
	}
	if ev[1].Name != "tls_handshake_done" {
		t.Fatal("unexpected Name")
	}
	if ev[1].TLSCipherSuite == "" {
		t.Fatal("unexpected TLSCipherSuite")
	}
	if ev[1].TLSNegotiatedProto != "h2" {
		t.Fatal("unexpected TLSNegotiatedProto")
	}
	if !reflect.DeepEqual(ev[1].TLSNextProtos, nextprotos) {
		t.Fatal("unexpected TLSNextProtos")
	}
	if ev[1].TLSPeerCerts == nil {
		t.Fatal("unexpected TLSPeerCerts")
	}
	if ev[1].TLSServerName != "www.google.com" {
		t.Fatal("unexpected TLSServerName")
	}
	if ev[1].TLSVersion == "" {
		t.Fatal("unexpected TLSVersion")
	}
	if ev[1].Time.Before(ev[0].Time) {
		t.Fatal("unexpected Time")
	}
}

func TestSaverTLSHandshakerHostnameError(t *testing.T) {
	if testing.Short() {
		t.Skip("skip test in short mode")
	}
	saver := &trace.Saver{}
	tlsdlr := &netxlite.TLSDialerLegacy{
		Dialer: netxlite.DefaultDialer,
		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
			TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
			Saver:         saver,
		},
	}
	conn, err := tlsdlr.DialTLSContext(
		context.Background(), "tcp", "wrong.host.badssl.com:443")
	if err == nil {
		t.Fatal("expected an error here")
	}
	if conn != nil {
		t.Fatal("expected nil conn here")
	}
	for _, ev := range saver.Read() {
		if ev.Name != "tls_handshake_done" {
			continue
		}
		if ev.NoTLSVerify == true {
			t.Fatal("expected NoTLSVerify to be false")
		}
		if len(ev.TLSPeerCerts) < 1 {
			t.Fatal("expected at least a certificate here")
		}
	}
}

func TestSaverTLSHandshakerInvalidCertError(t *testing.T) {
	if testing.Short() {
		t.Skip("skip test in short mode")
	}
	saver := &trace.Saver{}
	tlsdlr := &netxlite.TLSDialerLegacy{
		Dialer: netxlite.DefaultDialer,
		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
			TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
			Saver:         saver,
		},
	}
	conn, err := tlsdlr.DialTLSContext(
		context.Background(), "tcp", "expired.badssl.com:443")
	if err == nil {
		t.Fatal("expected an error here")
	}
	if conn != nil {
		t.Fatal("expected nil conn here")
	}
	for _, ev := range saver.Read() {
		if ev.Name != "tls_handshake_done" {
			continue
		}
		if ev.NoTLSVerify == true {
			t.Fatal("expected NoTLSVerify to be false")
		}
		if len(ev.TLSPeerCerts) < 1 {
			t.Fatal("expected at least a certificate here")
		}
	}
}

func TestSaverTLSHandshakerAuthorityError(t *testing.T) {
	if testing.Short() {
		t.Skip("skip test in short mode")
	}
	saver := &trace.Saver{}
	tlsdlr := &netxlite.TLSDialerLegacy{
		Dialer: netxlite.DefaultDialer,
		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
			TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
			Saver:         saver,
		},
	}
	conn, err := tlsdlr.DialTLSContext(
		context.Background(), "tcp", "self-signed.badssl.com:443")
	if err == nil {
		t.Fatal("expected an error here")
	}
	if conn != nil {
		t.Fatal("expected nil conn here")
	}
	for _, ev := range saver.Read() {
		if ev.Name != "tls_handshake_done" {
			continue
		}
		if ev.NoTLSVerify == true {
			t.Fatal("expected NoTLSVerify to be false")
		}
		if len(ev.TLSPeerCerts) < 1 {
			t.Fatal("expected at least a certificate here")
		}
	}
}

func TestSaverTLSHandshakerNoTLSVerify(t *testing.T) {
	if testing.Short() {
		t.Skip("skip test in short mode")
	}
	saver := &trace.Saver{}
	tlsdlr := &netxlite.TLSDialerLegacy{
		Config: &tls.Config{InsecureSkipVerify: true},
		Dialer: netxlite.DefaultDialer,
		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
			TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
			Saver:         saver,
		},
	}
	conn, err := tlsdlr.DialTLSContext(
		context.Background(), "tcp", "self-signed.badssl.com:443")
	if err != nil {
		t.Fatal(err)
	}
	if conn == nil {
		t.Fatal("expected non-nil conn here")
	}
	conn.Close()
	for _, ev := range saver.Read() {
		if ev.Name != "tls_handshake_done" {
			continue
		}
		if ev.NoTLSVerify != true {
			t.Fatal("expected NoTLSVerify to be true")
		}
		if len(ev.TLSPeerCerts) < 1 {
			t.Fatal("expected at least a certificate here")
		}
	}
}
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`package tlsdialer_test`

			`import (`
			`"context"`
			`"crypto/tls"`
			`"net"`
			`"reflect"`
			`"testing"`
			`"time"`

			`"github.com/ooni/probe-cli/v3/internal/engine/netx/dialer"`
			`"github.com/ooni/probe-cli/v3/internal/engine/netx/tlsdialer"`
			`"github.com/ooni/probe-cli/v3/internal/engine/netx/trace"`
refactor: move tls handshaker to netxlite (#400) Part of https://github.com/ooni/probe/issues/1505 2021-06-25 11:07:26 +02:00			`"github.com/ooni/probe-cli/v3/internal/netxlite"`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`)`

			`func TestSaverTLSHandshakerSuccessWithReadWrite(t *testing.T) {`
			`// This is the most common use case for collecting reads, writes`
			`if testing.Short() {`
			`t.Skip("skip test in short mode")`
			`}`
			`nextprotos := []string{"h2"}`
			`saver := &trace.Saver{}`
feat(netxlite): implement single use {,tls} dialer (#464) This basically adapts already existing code inside websteps to instead be into the netxlite package, where it belongs. In the process, abstract the TLSDialer but keep a reference to the previous name to avoid refactoring existing code (just for now). While there, notice that the right name is CloseIdleConnections (i.e., plural not singular) and change the name. While there, since we abstracted TLSDialer to be an interface, create suitable factories for making a TLSDialer type from a Dialer and a TLSHandshaker. See https://github.com/ooni/probe/issues/1591 2021-09-06 14:12:30 +02:00			`tlsdlr := &netxlite.TLSDialerLegacy{`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Config: &tls.Config{NextProtos: nextprotos},`
refactor(dialer): it should close idle connections (#457) Like we did before for the resolver, a dialer should propagate the request to close idle connections to underlying types. See https://github.com/ooni/probe/issues/1591 2021-09-05 19:55:28 +02:00			`Dialer: netxlite.NewDialerLegacyAdapter(`
			`dialer.New(&dialer.Config{ReadWriteSaver: saver}, &net.Resolver{}),`
			`),`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSHandshaker: tlsdialer.SaverTLSHandshaker{`
fix(netxlite): improve TLS auto-configuration (#409) Auto-configure every relevant TLS field as close as possible to where it's actually used. As a side effect, add support for mocking the creation of a TLS connection, which should possibly be useful for uTLS? Work that is part of https://github.com/ooni/probe/issues/1505 2021-06-25 20:51:59 +02:00			`TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Saver: saver,`
			`},`
			`}`
			`// Implementation note: we don't close the connection here because it is`
			`// very handy to have the last event being the end of the handshake`
			`_, err := tlsdlr.DialTLSContext(context.Background(), "tcp", "www.google.com:443")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`ev := saver.Read()`
			`if len(ev) < 4 {`
			`// it's a bit tricky to be sure about the right number of`
			`// events because network conditions may influence that`
			`t.Fatal("unexpected number of events")`
			`}`
			`if ev[0].Name != "tls_handshake_start" {`
			`t.Fatal("unexpected Name")`
			`}`
			`if ev[0].TLSServerName != "www.google.com" {`
			`t.Fatal("unexpected TLSServerName")`
			`}`
			`if !reflect.DeepEqual(ev[0].TLSNextProtos, nextprotos) {`
			`t.Fatal("unexpected TLSNextProtos")`
			`}`
			`if ev[0].Time.After(time.Now()) {`
			`t.Fatal("unexpected Time")`
			`}`
			`last := len(ev) - 1`
			`for idx := 1; idx < last; idx++ {`
			`if ev[idx].Data == nil {`
			`t.Fatal("unexpected Data")`
			`}`
			`if ev[idx].Duration <= 0 {`
			`t.Fatal("unexpected Duration")`
			`}`
			`if ev[idx].Err != nil {`
			`t.Fatal("unexpected Err")`
			`}`
			`if ev[idx].NumBytes <= 0 {`
			`t.Fatal("unexpected NumBytes")`
			`}`
			`switch ev[idx].Name {`
refactor: merge dnsx and errorsx into netxlite (#517) When preparing a tutorial for netxlite, I figured it is easier to tell people "hey, this is the package you should use for all low-level networking stuff" rather than introducing people to a set of packages working together where some piece of functionality is here and some other piece is there. Part of https://github.com/ooni/probe/issues/1591 2021-09-28 12:42:01 +02:00			`case netxlite.ReadOperation, netxlite.WriteOperation:`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`default:`
			`t.Fatal("unexpected Name")`
			`}`
			`if ev[idx].Time.Before(ev[idx-1].Time) {`
			`t.Fatal("unexpected Time")`
			`}`
			`}`
			`if ev[last].Duration <= 0 {`
			`t.Fatal("unexpected Duration")`
			`}`
			`if ev[last].Err != nil {`
			`t.Fatal("unexpected Err")`
			`}`
			`if ev[last].Name != "tls_handshake_done" {`
			`t.Fatal("unexpected Name")`
			`}`
			`if ev[last].TLSCipherSuite == "" {`
			`t.Fatal("unexpected TLSCipherSuite")`
			`}`
			`if ev[last].TLSNegotiatedProto != "h2" {`
			`t.Fatal("unexpected TLSNegotiatedProto")`
			`}`
			`if !reflect.DeepEqual(ev[last].TLSNextProtos, nextprotos) {`
			`t.Fatal("unexpected TLSNextProtos")`
			`}`
			`if ev[last].TLSPeerCerts == nil {`
			`t.Fatal("unexpected TLSPeerCerts")`
			`}`
			`if ev[last].TLSServerName != "www.google.com" {`
			`t.Fatal("unexpected TLSServerName")`
			`}`
			`if ev[last].TLSVersion == "" {`
			`t.Fatal("unexpected TLSVersion")`
			`}`
			`if ev[last].Time.Before(ev[last-1].Time) {`
			`t.Fatal("unexpected Time")`
			`}`
			`}`

			`func TestSaverTLSHandshakerSuccess(t *testing.T) {`
			`if testing.Short() {`
			`t.Skip("skip test in short mode")`
			`}`
			`nextprotos := []string{"h2"}`
			`saver := &trace.Saver{}`
feat(netxlite): implement single use {,tls} dialer (#464) This basically adapts already existing code inside websteps to instead be into the netxlite package, where it belongs. In the process, abstract the TLSDialer but keep a reference to the previous name to avoid refactoring existing code (just for now). While there, notice that the right name is CloseIdleConnections (i.e., plural not singular) and change the name. While there, since we abstracted TLSDialer to be an interface, create suitable factories for making a TLSDialer type from a Dialer and a TLSHandshaker. See https://github.com/ooni/probe/issues/1591 2021-09-06 14:12:30 +02:00			`tlsdlr := &netxlite.TLSDialerLegacy{`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Config: &tls.Config{NextProtos: nextprotos},`
refactor(dialer): it should close idle connections (#457) Like we did before for the resolver, a dialer should propagate the request to close idle connections to underlying types. See https://github.com/ooni/probe/issues/1591 2021-09-05 19:55:28 +02:00			`Dialer: netxlite.DefaultDialer,`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSHandshaker: tlsdialer.SaverTLSHandshaker{`
fix(netxlite): improve TLS auto-configuration (#409) Auto-configure every relevant TLS field as close as possible to where it's actually used. As a side effect, add support for mocking the creation of a TLS connection, which should possibly be useful for uTLS? Work that is part of https://github.com/ooni/probe/issues/1505 2021-06-25 20:51:59 +02:00			`TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Saver: saver,`
			`},`
			`}`
			`conn, err := tlsdlr.DialTLSContext(context.Background(), "tcp", "www.google.com:443")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`conn.Close()`
			`ev := saver.Read()`
			`if len(ev) != 2 {`
			`t.Fatal("unexpected number of events")`
			`}`
			`if ev[0].Name != "tls_handshake_start" {`
			`t.Fatal("unexpected Name")`
			`}`
			`if ev[0].TLSServerName != "www.google.com" {`
			`t.Fatal("unexpected TLSServerName")`
			`}`
			`if !reflect.DeepEqual(ev[0].TLSNextProtos, nextprotos) {`
			`t.Fatal("unexpected TLSNextProtos")`
			`}`
			`if ev[0].Time.After(time.Now()) {`
			`t.Fatal("unexpected Time")`
			`}`
			`if ev[1].Duration <= 0 {`
			`t.Fatal("unexpected Duration")`
			`}`
			`if ev[1].Err != nil {`
			`t.Fatal("unexpected Err")`
			`}`
			`if ev[1].Name != "tls_handshake_done" {`
			`t.Fatal("unexpected Name")`
			`}`
			`if ev[1].TLSCipherSuite == "" {`
			`t.Fatal("unexpected TLSCipherSuite")`
			`}`
			`if ev[1].TLSNegotiatedProto != "h2" {`
			`t.Fatal("unexpected TLSNegotiatedProto")`
			`}`
			`if !reflect.DeepEqual(ev[1].TLSNextProtos, nextprotos) {`
			`t.Fatal("unexpected TLSNextProtos")`
			`}`
			`if ev[1].TLSPeerCerts == nil {`
			`t.Fatal("unexpected TLSPeerCerts")`
			`}`
			`if ev[1].TLSServerName != "www.google.com" {`
			`t.Fatal("unexpected TLSServerName")`
			`}`
			`if ev[1].TLSVersion == "" {`
			`t.Fatal("unexpected TLSVersion")`
			`}`
			`if ev[1].Time.Before(ev[0].Time) {`
			`t.Fatal("unexpected Time")`
			`}`
			`}`

			`func TestSaverTLSHandshakerHostnameError(t *testing.T) {`
			`if testing.Short() {`
			`t.Skip("skip test in short mode")`
			`}`
			`saver := &trace.Saver{}`
feat(netxlite): implement single use {,tls} dialer (#464) This basically adapts already existing code inside websteps to instead be into the netxlite package, where it belongs. In the process, abstract the TLSDialer but keep a reference to the previous name to avoid refactoring existing code (just for now). While there, notice that the right name is CloseIdleConnections (i.e., plural not singular) and change the name. While there, since we abstracted TLSDialer to be an interface, create suitable factories for making a TLSDialer type from a Dialer and a TLSHandshaker. See https://github.com/ooni/probe/issues/1591 2021-09-06 14:12:30 +02:00			`tlsdlr := &netxlite.TLSDialerLegacy{`
refactor(dialer): it should close idle connections (#457) Like we did before for the resolver, a dialer should propagate the request to close idle connections to underlying types. See https://github.com/ooni/probe/issues/1591 2021-09-05 19:55:28 +02:00			`Dialer: netxlite.DefaultDialer,`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSHandshaker: tlsdialer.SaverTLSHandshaker{`
fix(netxlite): improve TLS auto-configuration (#409) Auto-configure every relevant TLS field as close as possible to where it's actually used. As a side effect, add support for mocking the creation of a TLS connection, which should possibly be useful for uTLS? Work that is part of https://github.com/ooni/probe/issues/1505 2021-06-25 20:51:59 +02:00			`TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Saver: saver,`
			`},`
			`}`
			`conn, err := tlsdlr.DialTLSContext(`
			`context.Background(), "tcp", "wrong.host.badssl.com:443")`
			`if err == nil {`
			`t.Fatal("expected an error here")`
			`}`
			`if conn != nil {`
			`t.Fatal("expected nil conn here")`
			`}`
			`for _, ev := range saver.Read() {`
			`if ev.Name != "tls_handshake_done" {`
			`continue`
			`}`
			`if ev.NoTLSVerify == true {`
			`t.Fatal("expected NoTLSVerify to be false")`
			`}`
			`if len(ev.TLSPeerCerts) < 1 {`
			`t.Fatal("expected at least a certificate here")`
			`}`
			`}`
			`}`

			`func TestSaverTLSHandshakerInvalidCertError(t *testing.T) {`
			`if testing.Short() {`
			`t.Skip("skip test in short mode")`
			`}`
			`saver := &trace.Saver{}`
feat(netxlite): implement single use {,tls} dialer (#464) This basically adapts already existing code inside websteps to instead be into the netxlite package, where it belongs. In the process, abstract the TLSDialer but keep a reference to the previous name to avoid refactoring existing code (just for now). While there, notice that the right name is CloseIdleConnections (i.e., plural not singular) and change the name. While there, since we abstracted TLSDialer to be an interface, create suitable factories for making a TLSDialer type from a Dialer and a TLSHandshaker. See https://github.com/ooni/probe/issues/1591 2021-09-06 14:12:30 +02:00			`tlsdlr := &netxlite.TLSDialerLegacy{`
refactor(dialer): it should close idle connections (#457) Like we did before for the resolver, a dialer should propagate the request to close idle connections to underlying types. See https://github.com/ooni/probe/issues/1591 2021-09-05 19:55:28 +02:00			`Dialer: netxlite.DefaultDialer,`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSHandshaker: tlsdialer.SaverTLSHandshaker{`
fix(netxlite): improve TLS auto-configuration (#409) Auto-configure every relevant TLS field as close as possible to where it's actually used. As a side effect, add support for mocking the creation of a TLS connection, which should possibly be useful for uTLS? Work that is part of https://github.com/ooni/probe/issues/1505 2021-06-25 20:51:59 +02:00			`TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Saver: saver,`
			`},`
			`}`
			`conn, err := tlsdlr.DialTLSContext(`
			`context.Background(), "tcp", "expired.badssl.com:443")`
			`if err == nil {`
			`t.Fatal("expected an error here")`
			`}`
			`if conn != nil {`
			`t.Fatal("expected nil conn here")`
			`}`
			`for _, ev := range saver.Read() {`
			`if ev.Name != "tls_handshake_done" {`
			`continue`
			`}`
			`if ev.NoTLSVerify == true {`
			`t.Fatal("expected NoTLSVerify to be false")`
			`}`
			`if len(ev.TLSPeerCerts) < 1 {`
			`t.Fatal("expected at least a certificate here")`
			`}`
			`}`
			`}`

			`func TestSaverTLSHandshakerAuthorityError(t *testing.T) {`
			`if testing.Short() {`
			`t.Skip("skip test in short mode")`
			`}`
			`saver := &trace.Saver{}`
feat(netxlite): implement single use {,tls} dialer (#464) This basically adapts already existing code inside websteps to instead be into the netxlite package, where it belongs. In the process, abstract the TLSDialer but keep a reference to the previous name to avoid refactoring existing code (just for now). While there, notice that the right name is CloseIdleConnections (i.e., plural not singular) and change the name. While there, since we abstracted TLSDialer to be an interface, create suitable factories for making a TLSDialer type from a Dialer and a TLSHandshaker. See https://github.com/ooni/probe/issues/1591 2021-09-06 14:12:30 +02:00			`tlsdlr := &netxlite.TLSDialerLegacy{`
refactor(dialer): it should close idle connections (#457) Like we did before for the resolver, a dialer should propagate the request to close idle connections to underlying types. See https://github.com/ooni/probe/issues/1591 2021-09-05 19:55:28 +02:00			`Dialer: netxlite.DefaultDialer,`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSHandshaker: tlsdialer.SaverTLSHandshaker{`
fix(netxlite): improve TLS auto-configuration (#409) Auto-configure every relevant TLS field as close as possible to where it's actually used. As a side effect, add support for mocking the creation of a TLS connection, which should possibly be useful for uTLS? Work that is part of https://github.com/ooni/probe/issues/1505 2021-06-25 20:51:59 +02:00			`TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Saver: saver,`
			`},`
			`}`
			`conn, err := tlsdlr.DialTLSContext(`
			`context.Background(), "tcp", "self-signed.badssl.com:443")`
			`if err == nil {`
			`t.Fatal("expected an error here")`
			`}`
			`if conn != nil {`
			`t.Fatal("expected nil conn here")`
			`}`
			`for _, ev := range saver.Read() {`
			`if ev.Name != "tls_handshake_done" {`
			`continue`
			`}`
			`if ev.NoTLSVerify == true {`
			`t.Fatal("expected NoTLSVerify to be false")`
			`}`
			`if len(ev.TLSPeerCerts) < 1 {`
			`t.Fatal("expected at least a certificate here")`
			`}`
			`}`
			`}`

			`func TestSaverTLSHandshakerNoTLSVerify(t *testing.T) {`
			`if testing.Short() {`
			`t.Skip("skip test in short mode")`
			`}`
			`saver := &trace.Saver{}`
feat(netxlite): implement single use {,tls} dialer (#464) This basically adapts already existing code inside websteps to instead be into the netxlite package, where it belongs. In the process, abstract the TLSDialer but keep a reference to the previous name to avoid refactoring existing code (just for now). While there, notice that the right name is CloseIdleConnections (i.e., plural not singular) and change the name. While there, since we abstracted TLSDialer to be an interface, create suitable factories for making a TLSDialer type from a Dialer and a TLSHandshaker. See https://github.com/ooni/probe/issues/1591 2021-09-06 14:12:30 +02:00			`tlsdlr := &netxlite.TLSDialerLegacy{`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Config: &tls.Config{InsecureSkipVerify: true},`
refactor(dialer): it should close idle connections (#457) Like we did before for the resolver, a dialer should propagate the request to close idle connections to underlying types. See https://github.com/ooni/probe/issues/1591 2021-09-05 19:55:28 +02:00			`Dialer: netxlite.DefaultDialer,`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSHandshaker: tlsdialer.SaverTLSHandshaker{`
fix(netxlite): improve TLS auto-configuration (#409) Auto-configure every relevant TLS field as close as possible to where it's actually used. As a side effect, add support for mocking the creation of a TLS connection, which should possibly be useful for uTLS? Work that is part of https://github.com/ooni/probe/issues/1505 2021-06-25 20:51:59 +02:00			`TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Saver: saver,`
			`},`
			`}`
			`conn, err := tlsdlr.DialTLSContext(`
			`context.Background(), "tcp", "self-signed.badssl.com:443")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if conn == nil {`
			`t.Fatal("expected non-nil conn here")`
			`}`
			`conn.Close()`
			`for _, ev := range saver.Read() {`
			`if ev.Name != "tls_handshake_done" {`
			`continue`
			`}`
			`if ev.NoTLSVerify != true {`
			`t.Fatal("expected NoTLSVerify to be true")`
			`}`
			`if len(ev.TLSPeerCerts) < 1 {`
			`t.Fatal("expected at least a certificate here")`
			`}`
			`}`
			`}`