chore: upgrade to go1.18.2 (#750)

I have not upgraded ooni/go yet because I am also checking whether it would be possible instead to use ooni/oocrypto as documented in the https://github.com/ooni/probe/issues/2106 issue. Closes https://github.com/ooni/probe/issues/2070 Closes https://github.com/ooni/probe/issues/2077
2022-05-22 18:11:37 +02:00 · 2022-05-22 18:11:37 +02:00 · a1df3b4070
commit a1df3b4070
parent 395961c4da
23 changed files with 26 additions and 451 deletions
--- a/.github/workflows/alltests.yml
+++ b/.github/workflows/alltests.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: go test -race -tags shaping ./...
--- a/.github/workflows/android.yml
+++ b/.github/workflows/android.yml
@ -13,7 +13,7 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@ -13,7 +13,6 @@ jobs:
    strategy:
      matrix:
        go:
          - "1.17.10"
          - "1.18.2"
    steps:
      - uses: magnetikonline/action-golang-cache@v2
--- a/.github/workflows/generate.yml
+++ b/.github/workflows/generate.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: go generate ./...
--- a/.github/workflows/ios.yml
+++ b/.github/workflows/ios.yml
@ -13,7 +13,7 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
--- a/.github/workflows/jafar.yml
+++ b/.github/workflows/jafar.yml
@ -10,7 +10,7 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: go build -v ./internal/cmd/jafar
      - run: sudo ./testjafar.bash
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@ -13,7 +13,7 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
--- a/.github/workflows/miniooni.yml
+++ b/.github/workflows/miniooni.yml
@ -19,7 +19,7 @@ jobs:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
        with:
--- a/.github/workflows/netxlite.yml
+++ b/.github/workflows/netxlite.yml
@ -10,7 +10,7 @@ jobs:
    runs-on: "${{ matrix.os }}"
    strategy:
      matrix:
-        go: [ "1.17.10" ]
+        go: [ "1.18.2" ]
        os: [ "ubuntu-20.04", "windows-2019", "macos-10.15" ]
    steps:
      - uses: magnetikonline/action-golang-cache@v2
--- a/.github/workflows/oohelperd.yml
+++ b/.github/workflows/oohelperd.yml
@ -14,7 +14,7 @@ jobs:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - name: build oohelperd binary
        run: GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o ./CLI/oohelperd-linux-amd64 -v -tags netgo -ldflags="-s -w -extldflags -static" ./internal/cmd/oohelperd
--- a/.github/workflows/qafbmessenger.yml
+++ b/.github/workflows/qafbmessenger.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: ./QA/rundocker.bash "fbmessenger"
--- a/.github/workflows/qahhfm.yml
+++ b/.github/workflows/qahhfm.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: ./QA/rundocker.bash "hhfm"
--- a/.github/workflows/qahirl.yml
+++ b/.github/workflows/qahirl.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: ./QA/rundocker.bash "hirl"
--- a/.github/workflows/qatelegram.yml
+++ b/.github/workflows/qatelegram.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: ./QA/rundocker.bash "telegram"
--- a/.github/workflows/qawebconnectivity.yml
+++ b/.github/workflows/qawebconnectivity.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: ./QA/rundocker.bash "webconnectivity"
--- a/.github/workflows/qawhatsapp.yml
+++ b/.github/workflows/qawhatsapp.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: ./QA/rundocker.bash "whatsapp"
--- a/.github/workflows/tarball.yml
+++ b/.github/workflows/tarball.yml
@ -16,7 +16,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.17.10
+          go-version: "1.18.2"
      - name: Generate release tarball
        run: |
          VERSION=${GITHUB_REF_NAME#v}
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@ -13,7 +13,7 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
--- a/go.mod
+++ b/go.mod
@ -27,7 +27,7 @@ require (
 	github.com/mitchellh/go-wordwrap v1.0.1
 	github.com/montanaflynn/stats v0.6.6
 	github.com/ooni/go-libtor v1.1.5
-	github.com/ooni/oohttp v0.0.0-20220519121528-b149a1255625
+	github.com/ooni/oohttp v0.0.0-20220521113303-fb27ebcf5f1e
 	github.com/ooni/probe-assets v0.9.0
 	github.com/ooni/psiphon/tunnel-core v0.0.0-20220519122549-9c044eb6bd83
 	github.com/oschwald/geoip2-golang v1.7.0
@ -40,7 +40,7 @@ require (
 	gitlab.com/yawning/obfs4.git v0.0.0-20220204003609-77af0cba934d
 	gitlab.com/yawning/utls.git v0.0.12-1
 	golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898
-	golang.org/x/net v0.0.0-20220517181318-183a9ca12b87
+	golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2
 	golang.org/x/sys v0.0.0-20220519141025-dcacdad47464
 )
--- a/go.sum
+++ b/go.sum
@ -614,8 +614,8 @@ github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/ooni/go-libtor v1.1.5 h1:YbwXR9aLuL37EwL7rksPCQQhcHwoxU+M/v+jwZR+n5Y=
 github.com/ooni/go-libtor v1.1.5/go.mod h1:q1YyLwRD9GeMyeerVvwc0vJ2YgwDLTp2bdVcrh/JXyI=
-github.com/ooni/oohttp v0.0.0-20220519121528-b149a1255625 h1:tSggIjFQEd3y3W/SInOPeLHxYHhs6+UFgbK5I+Z5G2g=
+github.com/ooni/oohttp v0.0.0-20220521113303-fb27ebcf5f1e h1:hM6+SmEh6aCzXZDIHTwA0UeyjXNy7EfK1NpE3zr3WBo=
-github.com/ooni/oohttp v0.0.0-20220519121528-b149a1255625/go.mod h1:94RvV+x6crHzYeO8c/LUtkK4uY7QX2kldN3RyvThgzU=
+github.com/ooni/oohttp v0.0.0-20220521113303-fb27ebcf5f1e/go.mod h1:p2VVLbs+BXBIgTHITV9Vw8Rv6G1u66JUWP/8KCgDGNo=
 github.com/ooni/probe-assets v0.9.0 h1:RBqouztuKP0kWJzYwBjY0fPiwl5MQ8Aosy6ks8j1hR4=
 github.com/ooni/probe-assets v0.9.0/go.mod h1:N0PyNM3aadlYDDCFXAPzs54HC54+MZA/4/xnCtd9EAo=
 github.com/ooni/psiphon/tunnel-core v0.0.0-20220519122549-9c044eb6bd83 h1:xflU9CdKoHLMhVpt/beum7xw5erAR20wKawZSNWoJAA=
@ -1075,8 +1075,8 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220401154927-543a649e0bdd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220517181318-183a9ca12b87 h1:cCR+9mKLOGyX4Zx+uBZDXEDAQsvKQ/XbW4vreG5v1jU=
+golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 h1:NWy5+hlRbC7HK+PmcXVUmW1IMyFce7to56IUvhUFm7Y=
-golang.org/x/net v0.0.0-20220517181318-183a9ca12b87/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
--- a/internal/archival/quic_test.go
+++ b/internal/archival/quic_test.go
@ -1,5 +1,3 @@
 //go:build !go1.18
 package archival
 import (
@ -14,7 +12,7 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/lucas-clemente/quic-go"
-	"github.com/marten-seemann/qtls-go1-17" // it's annoying to depend on that
+	"github.com/marten-seemann/qtls-go1-18" // it's annoying to depend on that
 	"github.com/ooni/probe-cli/v3/internal/fakefill"
 	"github.com/ooni/probe-cli/v3/internal/model"
 	"github.com/ooni/probe-cli/v3/internal/model/mocks"
--- a/internal/archival/quic_test_go118.go
+++ b/internal/archival/quic_test_go118.go
@ -1,422 +0,0 @@
 //go:build go1.18
 package archival
 import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
 	"io"
 	"net"
 	"testing"
 	"time"
 	"github.com/google/go-cmp/cmp"
 	"github.com/lucas-clemente/quic-go"
 	"github.com/marten-seemann/qtls-go1-18" // it's annoying to depend on that
 	"github.com/ooni/probe-cli/v3/internal/fakefill"
 	"github.com/ooni/probe-cli/v3/internal/model"
 	"github.com/ooni/probe-cli/v3/internal/model/mocks"
 	"github.com/ooni/probe-cli/v3/internal/netxlite"
 )
 func TestSaverWriteTo(t *testing.T) {
 	// newAddr creates an new net.Addr for testing.
 	newAddr := func(endpoint string) net.Addr {
 		return &mocks.Addr{
 			MockString: func() string {
 				return endpoint
 			},
 			MockNetwork: func() string {
 				return "udp"
 			},
 		}
 	}
 	// newConn is a helper function for creating a new connection.
 	newConn := func(numBytes int, err error) model.UDPLikeConn {
 		return &mocks.UDPLikeConn{
 			MockWriteTo: func(p []byte, addr net.Addr) (int, error) {
 				time.Sleep(time.Microsecond)
 				return numBytes, err
 			},
 		}
 	}
 	t.Run("on success", func(t *testing.T) {
 		const mockedEndpoint = "8.8.4.4:443"
 		const mockedNumBytes = 128
 		addr := newAddr(mockedEndpoint)
 		conn := newConn(mockedNumBytes, nil)
 		saver := NewSaver()
 		v := &SingleNetworkEventValidator{
 			ExpectedCount:   mockedNumBytes,
 			ExpectedErr:     nil,
 			ExpectedNetwork: "udp",
 			ExpectedOp:      netxlite.WriteToOperation,
 			ExpectedEpnt:    mockedEndpoint,
 			Saver:           saver,
 		}
 		buf := make([]byte, 1024)
 		count, err := saver.WriteTo(conn, buf, addr)
 		if err != nil {
 			t.Fatal(err)
 		}
 		if count != mockedNumBytes {
 			t.Fatal("invalid count")
 		}
 		if err := v.Validate(); err != nil {
 			t.Fatal(err)
 		}
 	})
 	t.Run("on failure", func(t *testing.T) {
 		const mockedEndpoint = "8.8.4.4:443"
 		mockedError := netxlite.NewTopLevelGenericErrWrapper(io.EOF)
 		addr := newAddr(mockedEndpoint)
 		conn := newConn(0, mockedError)
 		saver := NewSaver()
 		v := &SingleNetworkEventValidator{
 			ExpectedCount:   0,
 			ExpectedErr:     mockedError,
 			ExpectedNetwork: "udp",
 			ExpectedOp:      netxlite.WriteToOperation,
 			ExpectedEpnt:    mockedEndpoint,
 			Saver:           saver,
 		}
 		buf := make([]byte, 1024)
 		count, err := saver.WriteTo(conn, buf, addr)
 		if !errors.Is(err, mockedError) {
 			t.Fatal("unexpected err", err)
 		}
 		if count != 0 {
 			t.Fatal("invalid count")
 		}
 		if err := v.Validate(); err != nil {
 			t.Fatal(err)
 		}
 	})
 }
 func TestSaverReadFrom(t *testing.T) {
 	// newAddr creates an new net.Addr for testing.
 	newAddr := func(endpoint string) net.Addr {
 		return &mocks.Addr{
 			MockString: func() string {
 				return endpoint
 			},
 			MockNetwork: func() string {
 				return "udp"
 			},
 		}
 	}
 	// newConn is a helper function for creating a new connection.
 	newConn := func(numBytes int, addr net.Addr, err error) model.UDPLikeConn {
 		return &mocks.UDPLikeConn{
 			MockReadFrom: func(p []byte) (int, net.Addr, error) {
 				time.Sleep(time.Microsecond)
 				return numBytes, addr, err
 			},
 		}
 	}
 	t.Run("on success", func(t *testing.T) {
 		const mockedEndpoint = "8.8.4.4:443"
 		const mockedNumBytes = 128
 		expectedAddr := newAddr(mockedEndpoint)
 		conn := newConn(mockedNumBytes, expectedAddr, nil)
 		saver := NewSaver()
 		v := &SingleNetworkEventValidator{
 			ExpectedCount:   mockedNumBytes,
 			ExpectedErr:     nil,
 			ExpectedNetwork: "udp",
 			ExpectedOp:      netxlite.ReadFromOperation,
 			ExpectedEpnt:    mockedEndpoint,
 			Saver:           saver,
 		}
 		buf := make([]byte, 1024)
 		count, addr, err := saver.ReadFrom(conn, buf)
 		if err != nil {
 			t.Fatal(err)
 		}
 		if expectedAddr.Network() != addr.Network() {
 			t.Fatal("invalid addr.Network")
 		}
 		if expectedAddr.String() != addr.String() {
 			t.Fatal("invalid addr.String")
 		}
 		if count != mockedNumBytes {
 			t.Fatal("invalid count")
 		}
 		if err := v.Validate(); err != nil {
 			t.Fatal(err)
 		}
 	})
 	t.Run("on failure", func(t *testing.T) {
 		mockedError := netxlite.NewTopLevelGenericErrWrapper(io.EOF)
 		conn := newConn(0, nil, mockedError)
 		saver := NewSaver()
 		v := &SingleNetworkEventValidator{
 			ExpectedCount:   0,
 			ExpectedErr:     mockedError,
 			ExpectedNetwork: "udp",
 			ExpectedOp:      netxlite.ReadFromOperation,
 			ExpectedEpnt:    "",
 			Saver:           saver,
 		}
 		buf := make([]byte, 1024)
 		count, addr, err := saver.ReadFrom(conn, buf)
 		if !errors.Is(err, mockedError) {
 			t.Fatal(err)
 		}
 		if addr != nil {
 			t.Fatal("invalid addr")
 		}
 		if count != 0 {
 			t.Fatal("invalid count")
 		}
 		if err := v.Validate(); err != nil {
 			t.Fatal(err)
 		}
 	})
 }
 func TestSaverQUICDialContext(t *testing.T) {
 	// newQUICDialer creates a new QUICDialer for testing.
 	newQUICDialer := func(qconn quic.EarlyConnection, err error) model.QUICDialer {
 		return &mocks.QUICDialer{
 			MockDialContext: func(
 				ctx context.Context, network, address string, tlsConfig *tls.Config,
 				quicConfig *quic.Config) (quic.EarlyConnection, error) {
 				time.Sleep(time.Microsecond)
 				return qconn, err
 			},
 		}
 	}
 	// newQUICConnection creates a new quic.EarlyConnection for testing.
 	newQUICConnection := func(handshakeComplete context.Context, state tls.ConnectionState) quic.EarlyConnection {
 		return &mocks.QUICEarlyConnection{
 			MockHandshakeComplete: func() context.Context {
 				return handshakeComplete
 			},
 			MockConnectionState: func() quic.ConnectionState {
 				return quic.ConnectionState{
 					TLS: qtls.ConnectionStateWith0RTT{
 						ConnectionState: state,
 					},
 				}
 			},
 			MockCloseWithError: func(code quic.ApplicationErrorCode, reason string) error {
 				return nil
 			},
 		}
 	}
 	t.Run("on success", func(t *testing.T) {
 		handshakeCtx := context.Background()
 		handshakeCtx, handshakeCancel := context.WithCancel(handshakeCtx)
 		handshakeCancel() // simulate a completed handshake
 		const expectedNetwork = "udp"
 		const mockedEndpoint = "8.8.4.4:443"
 		saver := NewSaver()
 		var peerCerts [][]byte
 		ff := &fakefill.Filler{}
 		ff.Fill(&peerCerts)
 		if len(peerCerts) < 1 {
 			t.Fatal("did not fill peerCerts")
 		}
 		v := &SingleQUICTLSHandshakeValidator{
 			ExpectedALPN:       []string{"h3"},
 			ExpectedSNI:        "dns.google",
 			ExpectedSkipVerify: true,
 			//
 			ExpectedCipherSuite:        tls.TLS_AES_128_GCM_SHA256,
 			ExpectedNegotiatedProtocol: "h3",
 			ExpectedPeerCerts:          peerCerts,
 			ExpectedVersion:            tls.VersionTLS13,
 			//
 			ExpectedNetwork:    "quic",
 			ExpectedRemoteAddr: mockedEndpoint,
 			//
 			QUICConfig: &quic.Config{},
 			//
 			ExpectedFailure: nil,
 			Saver:           saver,
 		}
 		qconn := newQUICConnection(handshakeCtx, v.NewTLSConnectionState())
 		dialer := newQUICDialer(qconn, nil)
 		ctx := context.Background()
 		qconn, err := saver.QUICDialContext(ctx, dialer, expectedNetwork,
 			mockedEndpoint, v.NewTLSConfig(), v.QUICConfig)
 		if err != nil {
 			t.Fatal(err)
 		}
 		if qconn == nil {
 			t.Fatal("expected nil qconn")
 		}
 		qconn.CloseWithError(0, "")
 		if err := v.Validate(); err != nil {
 			t.Fatal(err)
 		}
 	})
 	t.Run("on other error", func(t *testing.T) {
 		mockedError := netxlite.NewTopLevelGenericErrWrapper(io.EOF)
 		const expectedNetwork = "udp"
 		const mockedEndpoint = "8.8.4.4:443"
 		saver := NewSaver()
 		v := &SingleQUICTLSHandshakeValidator{
 			ExpectedALPN:       []string{"h3"},
 			ExpectedSNI:        "dns.google",
 			ExpectedSkipVerify: true,
 			//
 			ExpectedCipherSuite:        0,
 			ExpectedNegotiatedProtocol: "",
 			ExpectedPeerCerts:          nil,
 			ExpectedVersion:            0,
 			//
 			ExpectedNetwork:    "quic",
 			ExpectedRemoteAddr: mockedEndpoint,
 			//
 			QUICConfig: &quic.Config{},
 			//
 			ExpectedFailure: mockedError,
 			Saver:           saver,
 		}
 		dialer := newQUICDialer(nil, mockedError)
 		ctx := context.Background()
 		qconn, err := saver.QUICDialContext(ctx, dialer, expectedNetwork,
 			mockedEndpoint, v.NewTLSConfig(), v.QUICConfig)
 		if !errors.Is(err, mockedError) {
 			t.Fatal("unexpected error")
 		}
 		if qconn != nil {
 			t.Fatal("expected nil connection")
 		}
 		if err := v.Validate(); err != nil {
 			t.Fatal(err)
 		}
 	})
 	// TODO(bassosimone): here we're not testing the case in which
 	// the certificate is invalid for the required SNI.
 	//
 	// We need first to figure out whether this is what happens
 	// when we validate for QUIC in such cases. If that's the case
 	// indeed, then we can write the tests.
 	t.Run("on x509.HostnameError", func(t *testing.T) {
 		t.Skip("test not implemented")
 	})
 	t.Run("on x509.UnknownAuthorityError", func(t *testing.T) {
 		t.Skip("test not implemented")
 	})
 	t.Run("on x509.CertificateInvalidError", func(t *testing.T) {
 		t.Skip("test not implemented")
 	})
 }
 type SingleQUICTLSHandshakeValidator struct {
 	// related to the tls.Config
 	ExpectedALPN       []string
 	ExpectedSNI        string
 	ExpectedSkipVerify bool
 	// related to the tls.ConnectionState
 	ExpectedCipherSuite        uint16
 	ExpectedNegotiatedProtocol string
 	ExpectedPeerCerts          [][]byte
 	ExpectedVersion            uint16
 	// related to the mocked conn (TLS) / dial params (QUIC)
 	ExpectedNetwork    string
 	ExpectedRemoteAddr string
 	// tells us whether we're using QUIC
 	QUICConfig *quic.Config
 	// other fields
 	ExpectedFailure error
 	Saver           *Saver
 }
 func (v *SingleQUICTLSHandshakeValidator) NewTLSConfig() *tls.Config {
 	return &tls.Config{
 		NextProtos:         v.ExpectedALPN,
 		ServerName:         v.ExpectedSNI,
 		InsecureSkipVerify: v.ExpectedSkipVerify,
 	}
 }
 func (v *SingleQUICTLSHandshakeValidator) NewTLSConnectionState() tls.ConnectionState {
 	var state tls.ConnectionState
 	if v.ExpectedCipherSuite != 0 {
 		state.CipherSuite = v.ExpectedCipherSuite
 	}
 	if v.ExpectedNegotiatedProtocol != "" {
 		state.NegotiatedProtocol = v.ExpectedNegotiatedProtocol
 	}
 	for _, cert := range v.ExpectedPeerCerts {
 		state.PeerCertificates = append(state.PeerCertificates, &x509.Certificate{
 			Raw: cert,
 		})
 	}
 	if v.ExpectedVersion != 0 {
 		state.Version = v.ExpectedVersion
 	}
 	return state
 }
 func (v *SingleQUICTLSHandshakeValidator) Validate() error {
 	trace := v.Saver.MoveOutTrace()
 	var entries []*QUICTLSHandshakeEvent
 	if v.QUICConfig != nil {
 		entries = trace.QUICHandshake
 	} else {
 		entries = trace.TLSHandshake
 	}
 	if len(entries) != 1 {
 		return errors.New("expected to see a single entry")
 	}
 	entry := entries[0]
 	if diff := cmp.Diff(entry.ALPN, v.ExpectedALPN); diff != "" {
 		return errors.New(diff)
 	}
 	if entry.CipherSuite != netxlite.TLSCipherSuiteString(v.ExpectedCipherSuite) {
 		return errors.New("unexpected .CipherSuite")
 	}
 	if !errors.Is(entry.Failure, v.ExpectedFailure) {
 		return errors.New("unexpected .Failure")
 	}
 	if !entry.Finished.After(entry.Started) {
 		return errors.New(".Finished is not after .Started")
 	}
 	if entry.NegotiatedProto != v.ExpectedNegotiatedProtocol {
 		return errors.New("unexpected .NegotiatedProto")
 	}
 	if entry.Network != v.ExpectedNetwork {
 		return errors.New("unexpected .Network")
 	}
 	if diff := cmp.Diff(entry.PeerCerts, v.ExpectedPeerCerts); diff != "" {
 		return errors.New("unexpected .PeerCerts")
 	}
 	if entry.RemoteAddr != v.ExpectedRemoteAddr {
 		return errors.New("unexpected .RemoteAddr")
 	}
 	if entry.SNI != v.ExpectedSNI {
 		return errors.New("unexpected .ServerName")
 	}
 	if entry.SkipVerify != v.ExpectedSkipVerify {
 		return errors.New("unexpected .SkipVerify")
 	}
 	if entry.TLSVersion != netxlite.TLSVersionString(v.ExpectedVersion) {
 		return errors.New("unexpected .Version")
 	}
 	return nil
 }
--- a/4
+++ b/4
@ -64,7 +64,7 @@ GOLANG_EXTRA_FLAGS =
 #help:
 #help: * GOLANG_VERSION_NUMBER : the expected version number for golang.
-GOLANG_VERSION_NUMBER = 1.17.10
+GOLANG_VERSION_NUMBER = 1.18.2
 #help:
 #help: * MINGW_W64_VERSION     : the expected mingw-w64 version.
@ -72,7 +72,7 @@ MINGW_W64_VERSION = 10.3.1
 #help:
 #help: * OONIGO_BRANCH         : the github.com/ooni/go branch to use.
-OONIGO_BRANCH = oonigo1.17.10
+OONIGO_BRANCH = oonigo1.18.2
 #help:
 #help: * OONI_PSIPHON_TAGS     : build tags for `go build -tags ...` that cause