ooni-probe-cli/internal/engine/netx/tlsdialer/saver_test.go

package tlsdialer_test

import (
	"context"
	"crypto/tls"
	"net"
	"reflect"
	"testing"
	"time"

	"github.com/ooni/probe-cli/v3/internal/engine/netx/dialer"
	"github.com/ooni/probe-cli/v3/internal/engine/netx/tlsdialer"
	"github.com/ooni/probe-cli/v3/internal/engine/netx/trace"
	"github.com/ooni/probe-cli/v3/internal/errorsx"
	"github.com/ooni/probe-cli/v3/internal/netxlite"
)

func TestSaverTLSHandshakerSuccessWithReadWrite(t *testing.T) {
	// This is the most common use case for collecting reads, writes
	if testing.Short() {
		t.Skip("skip test in short mode")
	}
	nextprotos := []string{"h2"}
	saver := &trace.Saver{}
	tlsdlr := &netxlite.TLSDialer{
		Config: &tls.Config{NextProtos: nextprotos},
		Dialer: netxlite.NewDialerLegacyAdapter(
			dialer.New(&dialer.Config{ReadWriteSaver: saver}, &net.Resolver{}),
		),
		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
			TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
			Saver:         saver,
		},
	}
	// Implementation note: we don't close the connection here because it is
	// very handy to have the last event being the end of the handshake
	_, err := tlsdlr.DialTLSContext(context.Background(), "tcp", "www.google.com:443")
	if err != nil {
		t.Fatal(err)
	}
	ev := saver.Read()
	if len(ev) < 4 {
		// it's a bit tricky to be sure about the right number of
		// events because network conditions may influence that
		t.Fatal("unexpected number of events")
	}
	if ev[0].Name != "tls_handshake_start" {
		t.Fatal("unexpected Name")
	}
	if ev[0].TLSServerName != "www.google.com" {
		t.Fatal("unexpected TLSServerName")
	}
	if !reflect.DeepEqual(ev[0].TLSNextProtos, nextprotos) {
		t.Fatal("unexpected TLSNextProtos")
	}
	if ev[0].Time.After(time.Now()) {
		t.Fatal("unexpected Time")
	}
	last := len(ev) - 1
	for idx := 1; idx < last; idx++ {
		if ev[idx].Data == nil {
			t.Fatal("unexpected Data")
		}
		if ev[idx].Duration <= 0 {
			t.Fatal("unexpected Duration")
		}
		if ev[idx].Err != nil {
			t.Fatal("unexpected Err")
		}
		if ev[idx].NumBytes <= 0 {
			t.Fatal("unexpected NumBytes")
		}
		switch ev[idx].Name {
		case errorsx.ReadOperation, errorsx.WriteOperation:
		default:
			t.Fatal("unexpected Name")
		}
		if ev[idx].Time.Before(ev[idx-1].Time) {
			t.Fatal("unexpected Time")
		}
	}
	if ev[last].Duration <= 0 {
		t.Fatal("unexpected Duration")
	}
	if ev[last].Err != nil {
		t.Fatal("unexpected Err")
	}
	if ev[last].Name != "tls_handshake_done" {
		t.Fatal("unexpected Name")
	}
	if ev[last].TLSCipherSuite == "" {
		t.Fatal("unexpected TLSCipherSuite")
	}
	if ev[last].TLSNegotiatedProto != "h2" {
		t.Fatal("unexpected TLSNegotiatedProto")
	}
	if !reflect.DeepEqual(ev[last].TLSNextProtos, nextprotos) {
		t.Fatal("unexpected TLSNextProtos")
	}
	if ev[last].TLSPeerCerts == nil {
		t.Fatal("unexpected TLSPeerCerts")
	}
	if ev[last].TLSServerName != "www.google.com" {
		t.Fatal("unexpected TLSServerName")
	}
	if ev[last].TLSVersion == "" {
		t.Fatal("unexpected TLSVersion")
	}
	if ev[last].Time.Before(ev[last-1].Time) {
		t.Fatal("unexpected Time")
	}
}

func TestSaverTLSHandshakerSuccess(t *testing.T) {
	if testing.Short() {
		t.Skip("skip test in short mode")
	}
	nextprotos := []string{"h2"}
	saver := &trace.Saver{}
	tlsdlr := &netxlite.TLSDialer{
		Config: &tls.Config{NextProtos: nextprotos},
		Dialer: netxlite.DefaultDialer,
		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
			TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
			Saver:         saver,
		},
	}
	conn, err := tlsdlr.DialTLSContext(context.Background(), "tcp", "www.google.com:443")
	if err != nil {
		t.Fatal(err)
	}
	conn.Close()
	ev := saver.Read()
	if len(ev) != 2 {
		t.Fatal("unexpected number of events")
	}
	if ev[0].Name != "tls_handshake_start" {
		t.Fatal("unexpected Name")
	}
	if ev[0].TLSServerName != "www.google.com" {
		t.Fatal("unexpected TLSServerName")
	}
	if !reflect.DeepEqual(ev[0].TLSNextProtos, nextprotos) {
		t.Fatal("unexpected TLSNextProtos")
	}
	if ev[0].Time.After(time.Now()) {
		t.Fatal("unexpected Time")
	}
	if ev[1].Duration <= 0 {
		t.Fatal("unexpected Duration")
	}
	if ev[1].Err != nil {
		t.Fatal("unexpected Err")
	}
	if ev[1].Name != "tls_handshake_done" {
		t.Fatal("unexpected Name")
	}
	if ev[1].TLSCipherSuite == "" {
		t.Fatal("unexpected TLSCipherSuite")
	}
	if ev[1].TLSNegotiatedProto != "h2" {
		t.Fatal("unexpected TLSNegotiatedProto")
	}
	if !reflect.DeepEqual(ev[1].TLSNextProtos, nextprotos) {
		t.Fatal("unexpected TLSNextProtos")
	}
	if ev[1].TLSPeerCerts == nil {
		t.Fatal("unexpected TLSPeerCerts")
	}
	if ev[1].TLSServerName != "www.google.com" {
		t.Fatal("unexpected TLSServerName")
	}
	if ev[1].TLSVersion == "" {
		t.Fatal("unexpected TLSVersion")
	}
	if ev[1].Time.Before(ev[0].Time) {
		t.Fatal("unexpected Time")
	}
}

func TestSaverTLSHandshakerHostnameError(t *testing.T) {
	if testing.Short() {
		t.Skip("skip test in short mode")
	}
	saver := &trace.Saver{}
	tlsdlr := &netxlite.TLSDialer{
		Dialer: netxlite.DefaultDialer,
		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
			TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
			Saver:         saver,
		},
	}
	conn, err := tlsdlr.DialTLSContext(
		context.Background(), "tcp", "wrong.host.badssl.com:443")
	if err == nil {
		t.Fatal("expected an error here")
	}
	if conn != nil {
		t.Fatal("expected nil conn here")
	}
	for _, ev := range saver.Read() {
		if ev.Name != "tls_handshake_done" {
			continue
		}
		if ev.NoTLSVerify == true {
			t.Fatal("expected NoTLSVerify to be false")
		}
		if len(ev.TLSPeerCerts) < 1 {
			t.Fatal("expected at least a certificate here")
		}
	}
}

func TestSaverTLSHandshakerInvalidCertError(t *testing.T) {
	if testing.Short() {
		t.Skip("skip test in short mode")
	}
	saver := &trace.Saver{}
	tlsdlr := &netxlite.TLSDialer{
		Dialer: netxlite.DefaultDialer,
		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
			TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
			Saver:         saver,
		},
	}
	conn, err := tlsdlr.DialTLSContext(
		context.Background(), "tcp", "expired.badssl.com:443")
	if err == nil {
		t.Fatal("expected an error here")
	}
	if conn != nil {
		t.Fatal("expected nil conn here")
	}
	for _, ev := range saver.Read() {
		if ev.Name != "tls_handshake_done" {
			continue
		}
		if ev.NoTLSVerify == true {
			t.Fatal("expected NoTLSVerify to be false")
		}
		if len(ev.TLSPeerCerts) < 1 {
			t.Fatal("expected at least a certificate here")
		}
	}
}

func TestSaverTLSHandshakerAuthorityError(t *testing.T) {
	if testing.Short() {
		t.Skip("skip test in short mode")
	}
	saver := &trace.Saver{}
	tlsdlr := &netxlite.TLSDialer{
		Dialer: netxlite.DefaultDialer,
		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
			TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
			Saver:         saver,
		},
	}
	conn, err := tlsdlr.DialTLSContext(
		context.Background(), "tcp", "self-signed.badssl.com:443")
	if err == nil {
		t.Fatal("expected an error here")
	}
	if conn != nil {
		t.Fatal("expected nil conn here")
	}
	for _, ev := range saver.Read() {
		if ev.Name != "tls_handshake_done" {
			continue
		}
		if ev.NoTLSVerify == true {
			t.Fatal("expected NoTLSVerify to be false")
		}
		if len(ev.TLSPeerCerts) < 1 {
			t.Fatal("expected at least a certificate here")
		}
	}
}

func TestSaverTLSHandshakerNoTLSVerify(t *testing.T) {
	if testing.Short() {
		t.Skip("skip test in short mode")
	}
	saver := &trace.Saver{}
	tlsdlr := &netxlite.TLSDialer{
		Config: &tls.Config{InsecureSkipVerify: true},
		Dialer: netxlite.DefaultDialer,
		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
			TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
			Saver:         saver,
		},
	}
	conn, err := tlsdlr.DialTLSContext(
		context.Background(), "tcp", "self-signed.badssl.com:443")
	if err != nil {
		t.Fatal(err)
	}
	if conn == nil {
		t.Fatal("expected non-nil conn here")
	}
	conn.Close()
	for _, ev := range saver.Read() {
		if ev.Name != "tls_handshake_done" {
			continue
		}
		if ev.NoTLSVerify != true {
			t.Fatal("expected NoTLSVerify to be true")
		}
		if len(ev.TLSPeerCerts) < 1 {
			t.Fatal("expected at least a certificate here")
		}
	}
}
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`package tlsdialer_test`

			`import (`
			`"context"`
			`"crypto/tls"`
			`"net"`
			`"reflect"`
			`"testing"`
			`"time"`

			`"github.com/ooni/probe-cli/v3/internal/engine/netx/dialer"`
			`"github.com/ooni/probe-cli/v3/internal/engine/netx/tlsdialer"`
			`"github.com/ooni/probe-cli/v3/internal/engine/netx/trace"`
refactor: move i/e/n/errorx to i/errorsx (#416) Still working towards https://github.com/ooni/probe/issues/1505 2021-07-01 16:34:36 +02:00			`"github.com/ooni/probe-cli/v3/internal/errorsx"`
refactor: move tls handshaker to netxlite (#400) Part of https://github.com/ooni/probe/issues/1505 2021-06-25 11:07:26 +02:00			`"github.com/ooni/probe-cli/v3/internal/netxlite"`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`)`

			`func TestSaverTLSHandshakerSuccessWithReadWrite(t *testing.T) {`
			`// This is the most common use case for collecting reads, writes`
			`if testing.Short() {`
			`t.Skip("skip test in short mode")`
			`}`
			`nextprotos := []string{"h2"}`
			`saver := &trace.Saver{}`
refactor: move tlsdialer to netxlite (#404) Part of https://github.com/ooni/probe/issues/1505 2021-06-25 13:42:48 +02:00			`tlsdlr := &netxlite.TLSDialer{`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Config: &tls.Config{NextProtos: nextprotos},`
refactor(dialer): it should close idle connections (#457) Like we did before for the resolver, a dialer should propagate the request to close idle connections to underlying types. See https://github.com/ooni/probe/issues/1591 2021-09-05 19:55:28 +02:00			`Dialer: netxlite.NewDialerLegacyAdapter(`
			`dialer.New(&dialer.Config{ReadWriteSaver: saver}, &net.Resolver{}),`
			`),`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSHandshaker: tlsdialer.SaverTLSHandshaker{`
fix(netxlite): improve TLS auto-configuration (#409) Auto-configure every relevant TLS field as close as possible to where it's actually used. As a side effect, add support for mocking the creation of a TLS connection, which should possibly be useful for uTLS? Work that is part of https://github.com/ooni/probe/issues/1505 2021-06-25 20:51:59 +02:00			`TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Saver: saver,`
			`},`
			`}`
			`// Implementation note: we don't close the connection here because it is`
			`// very handy to have the last event being the end of the handshake`
			`_, err := tlsdlr.DialTLSContext(context.Background(), "tcp", "www.google.com:443")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`ev := saver.Read()`
			`if len(ev) < 4 {`
			`// it's a bit tricky to be sure about the right number of`
			`// events because network conditions may influence that`
			`t.Fatal("unexpected number of events")`
			`}`
			`if ev[0].Name != "tls_handshake_start" {`
			`t.Fatal("unexpected Name")`
			`}`
			`if ev[0].TLSServerName != "www.google.com" {`
			`t.Fatal("unexpected TLSServerName")`
			`}`
			`if !reflect.DeepEqual(ev[0].TLSNextProtos, nextprotos) {`
			`t.Fatal("unexpected TLSNextProtos")`
			`}`
			`if ev[0].Time.After(time.Now()) {`
			`t.Fatal("unexpected Time")`
			`}`
			`last := len(ev) - 1`
			`for idx := 1; idx < last; idx++ {`
			`if ev[idx].Data == nil {`
			`t.Fatal("unexpected Data")`
			`}`
			`if ev[idx].Duration <= 0 {`
			`t.Fatal("unexpected Duration")`
			`}`
			`if ev[idx].Err != nil {`
			`t.Fatal("unexpected Err")`
			`}`
			`if ev[idx].NumBytes <= 0 {`
			`t.Fatal("unexpected NumBytes")`
			`}`
			`switch ev[idx].Name {`
refactor: move i/e/n/errorx to i/errorsx (#416) Still working towards https://github.com/ooni/probe/issues/1505 2021-07-01 16:34:36 +02:00			`case errorsx.ReadOperation, errorsx.WriteOperation:`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`default:`
			`t.Fatal("unexpected Name")`
			`}`
			`if ev[idx].Time.Before(ev[idx-1].Time) {`
			`t.Fatal("unexpected Time")`
			`}`
			`}`
			`if ev[last].Duration <= 0 {`
			`t.Fatal("unexpected Duration")`
			`}`
			`if ev[last].Err != nil {`
			`t.Fatal("unexpected Err")`
			`}`
			`if ev[last].Name != "tls_handshake_done" {`
			`t.Fatal("unexpected Name")`
			`}`
			`if ev[last].TLSCipherSuite == "" {`
			`t.Fatal("unexpected TLSCipherSuite")`
			`}`
			`if ev[last].TLSNegotiatedProto != "h2" {`
			`t.Fatal("unexpected TLSNegotiatedProto")`
			`}`
			`if !reflect.DeepEqual(ev[last].TLSNextProtos, nextprotos) {`
			`t.Fatal("unexpected TLSNextProtos")`
			`}`
			`if ev[last].TLSPeerCerts == nil {`
			`t.Fatal("unexpected TLSPeerCerts")`
			`}`
			`if ev[last].TLSServerName != "www.google.com" {`
			`t.Fatal("unexpected TLSServerName")`
			`}`
			`if ev[last].TLSVersion == "" {`
			`t.Fatal("unexpected TLSVersion")`
			`}`
			`if ev[last].Time.Before(ev[last-1].Time) {`
			`t.Fatal("unexpected Time")`
			`}`
			`}`

			`func TestSaverTLSHandshakerSuccess(t *testing.T) {`
			`if testing.Short() {`
			`t.Skip("skip test in short mode")`
			`}`
			`nextprotos := []string{"h2"}`
			`saver := &trace.Saver{}`
refactor: move tlsdialer to netxlite (#404) Part of https://github.com/ooni/probe/issues/1505 2021-06-25 13:42:48 +02:00			`tlsdlr := &netxlite.TLSDialer{`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Config: &tls.Config{NextProtos: nextprotos},`
refactor(dialer): it should close idle connections (#457) Like we did before for the resolver, a dialer should propagate the request to close idle connections to underlying types. See https://github.com/ooni/probe/issues/1591 2021-09-05 19:55:28 +02:00			`Dialer: netxlite.DefaultDialer,`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSHandshaker: tlsdialer.SaverTLSHandshaker{`
fix(netxlite): improve TLS auto-configuration (#409) Auto-configure every relevant TLS field as close as possible to where it's actually used. As a side effect, add support for mocking the creation of a TLS connection, which should possibly be useful for uTLS? Work that is part of https://github.com/ooni/probe/issues/1505 2021-06-25 20:51:59 +02:00			`TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Saver: saver,`
			`},`
			`}`
			`conn, err := tlsdlr.DialTLSContext(context.Background(), "tcp", "www.google.com:443")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`conn.Close()`
			`ev := saver.Read()`
			`if len(ev) != 2 {`
			`t.Fatal("unexpected number of events")`
			`}`
			`if ev[0].Name != "tls_handshake_start" {`
			`t.Fatal("unexpected Name")`
			`}`
			`if ev[0].TLSServerName != "www.google.com" {`
			`t.Fatal("unexpected TLSServerName")`
			`}`
			`if !reflect.DeepEqual(ev[0].TLSNextProtos, nextprotos) {`
			`t.Fatal("unexpected TLSNextProtos")`
			`}`
			`if ev[0].Time.After(time.Now()) {`
			`t.Fatal("unexpected Time")`
			`}`
			`if ev[1].Duration <= 0 {`
			`t.Fatal("unexpected Duration")`
			`}`
			`if ev[1].Err != nil {`
			`t.Fatal("unexpected Err")`
			`}`
			`if ev[1].Name != "tls_handshake_done" {`
			`t.Fatal("unexpected Name")`
			`}`
			`if ev[1].TLSCipherSuite == "" {`
			`t.Fatal("unexpected TLSCipherSuite")`
			`}`
			`if ev[1].TLSNegotiatedProto != "h2" {`
			`t.Fatal("unexpected TLSNegotiatedProto")`
			`}`
			`if !reflect.DeepEqual(ev[1].TLSNextProtos, nextprotos) {`
			`t.Fatal("unexpected TLSNextProtos")`
			`}`
			`if ev[1].TLSPeerCerts == nil {`
			`t.Fatal("unexpected TLSPeerCerts")`
			`}`
			`if ev[1].TLSServerName != "www.google.com" {`
			`t.Fatal("unexpected TLSServerName")`
			`}`
			`if ev[1].TLSVersion == "" {`
			`t.Fatal("unexpected TLSVersion")`
			`}`
			`if ev[1].Time.Before(ev[0].Time) {`
			`t.Fatal("unexpected Time")`
			`}`
			`}`

			`func TestSaverTLSHandshakerHostnameError(t *testing.T) {`
			`if testing.Short() {`
			`t.Skip("skip test in short mode")`
			`}`
			`saver := &trace.Saver{}`
refactor: move tlsdialer to netxlite (#404) Part of https://github.com/ooni/probe/issues/1505 2021-06-25 13:42:48 +02:00			`tlsdlr := &netxlite.TLSDialer{`
refactor(dialer): it should close idle connections (#457) Like we did before for the resolver, a dialer should propagate the request to close idle connections to underlying types. See https://github.com/ooni/probe/issues/1591 2021-09-05 19:55:28 +02:00			`Dialer: netxlite.DefaultDialer,`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSHandshaker: tlsdialer.SaverTLSHandshaker{`
fix(netxlite): improve TLS auto-configuration (#409) Auto-configure every relevant TLS field as close as possible to where it's actually used. As a side effect, add support for mocking the creation of a TLS connection, which should possibly be useful for uTLS? Work that is part of https://github.com/ooni/probe/issues/1505 2021-06-25 20:51:59 +02:00			`TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Saver: saver,`
			`},`
			`}`
			`conn, err := tlsdlr.DialTLSContext(`
			`context.Background(), "tcp", "wrong.host.badssl.com:443")`
			`if err == nil {`
			`t.Fatal("expected an error here")`
			`}`
			`if conn != nil {`
			`t.Fatal("expected nil conn here")`
			`}`
			`for _, ev := range saver.Read() {`
			`if ev.Name != "tls_handshake_done" {`
			`continue`
			`}`
			`if ev.NoTLSVerify == true {`
			`t.Fatal("expected NoTLSVerify to be false")`
			`}`
			`if len(ev.TLSPeerCerts) < 1 {`
			`t.Fatal("expected at least a certificate here")`
			`}`
			`}`
			`}`

			`func TestSaverTLSHandshakerInvalidCertError(t *testing.T) {`
			`if testing.Short() {`
			`t.Skip("skip test in short mode")`
			`}`
			`saver := &trace.Saver{}`
refactor: move tlsdialer to netxlite (#404) Part of https://github.com/ooni/probe/issues/1505 2021-06-25 13:42:48 +02:00			`tlsdlr := &netxlite.TLSDialer{`
refactor(dialer): it should close idle connections (#457) Like we did before for the resolver, a dialer should propagate the request to close idle connections to underlying types. See https://github.com/ooni/probe/issues/1591 2021-09-05 19:55:28 +02:00			`Dialer: netxlite.DefaultDialer,`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSHandshaker: tlsdialer.SaverTLSHandshaker{`
fix(netxlite): improve TLS auto-configuration (#409) Auto-configure every relevant TLS field as close as possible to where it's actually used. As a side effect, add support for mocking the creation of a TLS connection, which should possibly be useful for uTLS? Work that is part of https://github.com/ooni/probe/issues/1505 2021-06-25 20:51:59 +02:00			`TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Saver: saver,`
			`},`
			`}`
			`conn, err := tlsdlr.DialTLSContext(`
			`context.Background(), "tcp", "expired.badssl.com:443")`
			`if err == nil {`
			`t.Fatal("expected an error here")`
			`}`
			`if conn != nil {`
			`t.Fatal("expected nil conn here")`
			`}`
			`for _, ev := range saver.Read() {`
			`if ev.Name != "tls_handshake_done" {`
			`continue`
			`}`
			`if ev.NoTLSVerify == true {`
			`t.Fatal("expected NoTLSVerify to be false")`
			`}`
			`if len(ev.TLSPeerCerts) < 1 {`
			`t.Fatal("expected at least a certificate here")`
			`}`
			`}`
			`}`

			`func TestSaverTLSHandshakerAuthorityError(t *testing.T) {`
			`if testing.Short() {`
			`t.Skip("skip test in short mode")`
			`}`
			`saver := &trace.Saver{}`
refactor: move tlsdialer to netxlite (#404) Part of https://github.com/ooni/probe/issues/1505 2021-06-25 13:42:48 +02:00			`tlsdlr := &netxlite.TLSDialer{`
refactor(dialer): it should close idle connections (#457) Like we did before for the resolver, a dialer should propagate the request to close idle connections to underlying types. See https://github.com/ooni/probe/issues/1591 2021-09-05 19:55:28 +02:00			`Dialer: netxlite.DefaultDialer,`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSHandshaker: tlsdialer.SaverTLSHandshaker{`
fix(netxlite): improve TLS auto-configuration (#409) Auto-configure every relevant TLS field as close as possible to where it's actually used. As a side effect, add support for mocking the creation of a TLS connection, which should possibly be useful for uTLS? Work that is part of https://github.com/ooni/probe/issues/1505 2021-06-25 20:51:59 +02:00			`TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Saver: saver,`
			`},`
			`}`
			`conn, err := tlsdlr.DialTLSContext(`
			`context.Background(), "tcp", "self-signed.badssl.com:443")`
			`if err == nil {`
			`t.Fatal("expected an error here")`
			`}`
			`if conn != nil {`
			`t.Fatal("expected nil conn here")`
			`}`
			`for _, ev := range saver.Read() {`
			`if ev.Name != "tls_handshake_done" {`
			`continue`
			`}`
			`if ev.NoTLSVerify == true {`
			`t.Fatal("expected NoTLSVerify to be false")`
			`}`
			`if len(ev.TLSPeerCerts) < 1 {`
			`t.Fatal("expected at least a certificate here")`
			`}`
			`}`
			`}`

			`func TestSaverTLSHandshakerNoTLSVerify(t *testing.T) {`
			`if testing.Short() {`
			`t.Skip("skip test in short mode")`
			`}`
			`saver := &trace.Saver{}`
refactor: move tlsdialer to netxlite (#404) Part of https://github.com/ooni/probe/issues/1505 2021-06-25 13:42:48 +02:00			`tlsdlr := &netxlite.TLSDialer{`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Config: &tls.Config{InsecureSkipVerify: true},`
refactor(dialer): it should close idle connections (#457) Like we did before for the resolver, a dialer should propagate the request to close idle connections to underlying types. See https://github.com/ooni/probe/issues/1591 2021-09-05 19:55:28 +02:00			`Dialer: netxlite.DefaultDialer,`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSHandshaker: tlsdialer.SaverTLSHandshaker{`
fix(netxlite): improve TLS auto-configuration (#409) Auto-configure every relevant TLS field as close as possible to where it's actually used. As a side effect, add support for mocking the creation of a TLS connection, which should possibly be useful for uTLS? Work that is part of https://github.com/ooni/probe/issues/1505 2021-06-25 20:51:59 +02:00			`TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Saver: saver,`
			`},`
			`}`
			`conn, err := tlsdlr.DialTLSContext(`
			`context.Background(), "tcp", "self-signed.badssl.com:443")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if conn == nil {`
			`t.Fatal("expected non-nil conn here")`
			`}`
			`conn.Close()`
			`for _, ev := range saver.Read() {`
			`if ev.Name != "tls_handshake_done" {`
			`continue`
			`}`
			`if ev.NoTLSVerify != true {`
			`t.Fatal("expected NoTLSVerify to be true")`
			`}`
			`if len(ev.TLSPeerCerts) < 1 {`
			`t.Fatal("expected at least a certificate here")`
			`}`
			`}`
			`}`