chore: upgrade to go1.18.2 (#750)

I have not upgraded ooni/go yet because I am also checking whether it would be possible instead to use ooni/oocrypto as documented in the https://github.com/ooni/probe/issues/2106 issue. Closes https://github.com/ooni/probe/issues/2070 Closes https://github.com/ooni/probe/issues/2077
2022-05-22 18:11:37 +02:00 · 2022-05-22 18:11:37 +02:00 · a1df3b4070
commit a1df3b4070
parent 395961c4da
23 changed files with 26 additions and 451 deletions
--- a/.github/workflows/alltests.yml
+++ b/.github/workflows/alltests.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: go test -race -tags shaping ./...
--- a/.github/workflows/android.yml
+++ b/.github/workflows/android.yml
@ -13,7 +13,7 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@ -13,7 +13,6 @@ jobs:
    strategy:
      matrix:
        go:
-          - "1.17.10"
          - "1.18.2"
    steps:
      - uses: magnetikonline/action-golang-cache@v2
--- a/.github/workflows/generate.yml
+++ b/.github/workflows/generate.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: go generate ./...
--- a/.github/workflows/ios.yml
+++ b/.github/workflows/ios.yml
@ -13,7 +13,7 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
--- a/.github/workflows/jafar.yml
+++ b/.github/workflows/jafar.yml
@ -10,7 +10,7 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: go build -v ./internal/cmd/jafar
      - run: sudo ./testjafar.bash
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@ -13,7 +13,7 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
--- a/.github/workflows/miniooni.yml
+++ b/.github/workflows/miniooni.yml
@ -19,7 +19,7 @@ jobs:

      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"

      - uses: actions/checkout@v2
        with:
--- a/.github/workflows/netxlite.yml
+++ b/.github/workflows/netxlite.yml
@ -10,7 +10,7 @@ jobs:
    runs-on: "${{ matrix.os }}"
    strategy:
      matrix:
-        go: [ "1.17.10" ]
+        go: [ "1.18.2" ]
        os: [ "ubuntu-20.04", "windows-2019", "macos-10.15" ]
    steps:
      - uses: magnetikonline/action-golang-cache@v2
--- a/.github/workflows/oohelperd.yml
+++ b/.github/workflows/oohelperd.yml
@ -14,7 +14,7 @@ jobs:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"

      - name: build oohelperd binary
        run: GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o ./CLI/oohelperd-linux-amd64 -v -tags netgo -ldflags="-s -w -extldflags -static" ./internal/cmd/oohelperd
--- a/.github/workflows/qafbmessenger.yml
+++ b/.github/workflows/qafbmessenger.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: ./QA/rundocker.bash "fbmessenger"
--- a/.github/workflows/qahhfm.yml
+++ b/.github/workflows/qahhfm.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: ./QA/rundocker.bash "hhfm"
--- a/.github/workflows/qahirl.yml
+++ b/.github/workflows/qahirl.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: ./QA/rundocker.bash "hirl"
--- a/.github/workflows/qatelegram.yml
+++ b/.github/workflows/qatelegram.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: ./QA/rundocker.bash "telegram"
--- a/.github/workflows/qawebconnectivity.yml
+++ b/.github/workflows/qawebconnectivity.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: ./QA/rundocker.bash "webconnectivity"
--- a/.github/workflows/qawhatsapp.yml
+++ b/.github/workflows/qawhatsapp.yml
@ -10,6 +10,6 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
      - run: ./QA/rundocker.bash "whatsapp"
--- a/.github/workflows/tarball.yml
+++ b/.github/workflows/tarball.yml
@ -16,7 +16,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.17.10
+          go-version: "1.18.2"
      - name: Generate release tarball
        run: |
          VERSION=${GITHUB_REF_NAME#v}
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@ -13,7 +13,7 @@ jobs:
    steps:
      - uses: actions/setup-go@v1
        with:
-          go-version: "1.17.10"
+          go-version: "1.18.2"
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
--- a/go.mod
+++ b/go.mod
@ -27,7 +27,7 @@ require (
 	github.com/mitchellh/go-wordwrap v1.0.1
 	github.com/montanaflynn/stats v0.6.6
 	github.com/ooni/go-libtor v1.1.5
-	github.com/ooni/oohttp v0.0.0-20220519121528-b149a1255625
+	github.com/ooni/oohttp v0.0.0-20220521113303-fb27ebcf5f1e
 	github.com/ooni/probe-assets v0.9.0
 	github.com/ooni/psiphon/tunnel-core v0.0.0-20220519122549-9c044eb6bd83
 	github.com/oschwald/geoip2-golang v1.7.0
@ -40,7 +40,7 @@ require (
 	gitlab.com/yawning/obfs4.git v0.0.0-20220204003609-77af0cba934d
 	gitlab.com/yawning/utls.git v0.0.12-1
 	golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898
-	golang.org/x/net v0.0.0-20220517181318-183a9ca12b87
+	golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2
 	golang.org/x/sys v0.0.0-20220519141025-dcacdad47464
 )

--- a/go.sum
+++ b/go.sum
@ -614,8 +614,8 @@ github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/ooni/go-libtor v1.1.5 h1:YbwXR9aLuL37EwL7rksPCQQhcHwoxU+M/v+jwZR+n5Y=
 github.com/ooni/go-libtor v1.1.5/go.mod h1:q1YyLwRD9GeMyeerVvwc0vJ2YgwDLTp2bdVcrh/JXyI=
-github.com/ooni/oohttp v0.0.0-20220519121528-b149a1255625 h1:tSggIjFQEd3y3W/SInOPeLHxYHhs6+UFgbK5I+Z5G2g=
-github.com/ooni/oohttp v0.0.0-20220519121528-b149a1255625/go.mod h1:94RvV+x6crHzYeO8c/LUtkK4uY7QX2kldN3RyvThgzU=
+github.com/ooni/oohttp v0.0.0-20220521113303-fb27ebcf5f1e h1:hM6+SmEh6aCzXZDIHTwA0UeyjXNy7EfK1NpE3zr3WBo=
+github.com/ooni/oohttp v0.0.0-20220521113303-fb27ebcf5f1e/go.mod h1:p2VVLbs+BXBIgTHITV9Vw8Rv6G1u66JUWP/8KCgDGNo=
 github.com/ooni/probe-assets v0.9.0 h1:RBqouztuKP0kWJzYwBjY0fPiwl5MQ8Aosy6ks8j1hR4=
 github.com/ooni/probe-assets v0.9.0/go.mod h1:N0PyNM3aadlYDDCFXAPzs54HC54+MZA/4/xnCtd9EAo=
 github.com/ooni/psiphon/tunnel-core v0.0.0-20220519122549-9c044eb6bd83 h1:xflU9CdKoHLMhVpt/beum7xw5erAR20wKawZSNWoJAA=
@ -1075,8 +1075,8 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220401154927-543a649e0bdd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220517181318-183a9ca12b87 h1:cCR+9mKLOGyX4Zx+uBZDXEDAQsvKQ/XbW4vreG5v1jU=
-golang.org/x/net v0.0.0-20220517181318-183a9ca12b87/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 h1:NWy5+hlRbC7HK+PmcXVUmW1IMyFce7to56IUvhUFm7Y=
+golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
--- a/internal/archival/quic_test.go
+++ b/internal/archival/quic_test.go
@ -1,5 +1,3 @@
-//go:build !go1.18
-
 package archival

 import (
@ -14,7 +12,7 @@ import (

 	"github.com/google/go-cmp/cmp"
 	"github.com/lucas-clemente/quic-go"
-	"github.com/marten-seemann/qtls-go1-17" // it's annoying to depend on that
+	"github.com/marten-seemann/qtls-go1-18" // it's annoying to depend on that
 	"github.com/ooni/probe-cli/v3/internal/fakefill"
 	"github.com/ooni/probe-cli/v3/internal/model"
 	"github.com/ooni/probe-cli/v3/internal/model/mocks"
--- a/internal/archival/quic_test_go118.go
+++ b/internal/archival/quic_test_go118.go
@ -1,422 +0,0 @@
-//go:build go1.18
-
-package archival
-
-import (
-	"context"
-	"crypto/tls"
-	"crypto/x509"
-	"errors"
-	"io"
-	"net"
-	"testing"
-	"time"
-
-	"github.com/google/go-cmp/cmp"
-	"github.com/lucas-clemente/quic-go"
-	"github.com/marten-seemann/qtls-go1-18" // it's annoying to depend on that
-	"github.com/ooni/probe-cli/v3/internal/fakefill"
-	"github.com/ooni/probe-cli/v3/internal/model"
-	"github.com/ooni/probe-cli/v3/internal/model/mocks"
-	"github.com/ooni/probe-cli/v3/internal/netxlite"
-)
-
-func TestSaverWriteTo(t *testing.T) {
-	// newAddr creates an new net.Addr for testing.
-	newAddr := func(endpoint string) net.Addr {
-		return &mocks.Addr{
-			MockString: func() string {
-				return endpoint
-			},
-			MockNetwork: func() string {
-				return "udp"
-			},
-		}
-	}
-
-	// newConn is a helper function for creating a new connection.
-	newConn := func(numBytes int, err error) model.UDPLikeConn {
-		return &mocks.UDPLikeConn{
-			MockWriteTo: func(p []byte, addr net.Addr) (int, error) {
-				time.Sleep(time.Microsecond)
-				return numBytes, err
-			},
-		}
-	}
-
-	t.Run("on success", func(t *testing.T) {
-		const mockedEndpoint = "8.8.4.4:443"
-		const mockedNumBytes = 128
-		addr := newAddr(mockedEndpoint)
-		conn := newConn(mockedNumBytes, nil)
-		saver := NewSaver()
-		v := &SingleNetworkEventValidator{
-			ExpectedCount:   mockedNumBytes,
-			ExpectedErr:     nil,
-			ExpectedNetwork: "udp",
-			ExpectedOp:      netxlite.WriteToOperation,
-			ExpectedEpnt:    mockedEndpoint,
-			Saver:           saver,
-		}
-		buf := make([]byte, 1024)
-		count, err := saver.WriteTo(conn, buf, addr)
-		if err != nil {
-			t.Fatal(err)
-		}
-		if count != mockedNumBytes {
-			t.Fatal("invalid count")
-		}
-		if err := v.Validate(); err != nil {
-			t.Fatal(err)
-		}
-	})
-
-	t.Run("on failure", func(t *testing.T) {
-		const mockedEndpoint = "8.8.4.4:443"
-		mockedError := netxlite.NewTopLevelGenericErrWrapper(io.EOF)
-		addr := newAddr(mockedEndpoint)
-		conn := newConn(0, mockedError)
-		saver := NewSaver()
-		v := &SingleNetworkEventValidator{
-			ExpectedCount:   0,
-			ExpectedErr:     mockedError,
-			ExpectedNetwork: "udp",
-			ExpectedOp:      netxlite.WriteToOperation,
-			ExpectedEpnt:    mockedEndpoint,
-			Saver:           saver,
-		}
-		buf := make([]byte, 1024)
-		count, err := saver.WriteTo(conn, buf, addr)
-		if !errors.Is(err, mockedError) {
-			t.Fatal("unexpected err", err)
-		}
-		if count != 0 {
-			t.Fatal("invalid count")
-		}
-		if err := v.Validate(); err != nil {
-			t.Fatal(err)
-		}
-	})
-}
-
-func TestSaverReadFrom(t *testing.T) {
-	// newAddr creates an new net.Addr for testing.
-	newAddr := func(endpoint string) net.Addr {
-		return &mocks.Addr{
-			MockString: func() string {
-				return endpoint
-			},
-			MockNetwork: func() string {
-				return "udp"
-			},
-		}
-	}
-
-	// newConn is a helper function for creating a new connection.
-	newConn := func(numBytes int, addr net.Addr, err error) model.UDPLikeConn {
-		return &mocks.UDPLikeConn{
-			MockReadFrom: func(p []byte) (int, net.Addr, error) {
-				time.Sleep(time.Microsecond)
-				return numBytes, addr, err
-			},
-		}
-	}
-
-	t.Run("on success", func(t *testing.T) {
-		const mockedEndpoint = "8.8.4.4:443"
-		const mockedNumBytes = 128
-		expectedAddr := newAddr(mockedEndpoint)
-		conn := newConn(mockedNumBytes, expectedAddr, nil)
-		saver := NewSaver()
-		v := &SingleNetworkEventValidator{
-			ExpectedCount:   mockedNumBytes,
-			ExpectedErr:     nil,
-			ExpectedNetwork: "udp",
-			ExpectedOp:      netxlite.ReadFromOperation,
-			ExpectedEpnt:    mockedEndpoint,
-			Saver:           saver,
-		}
-		buf := make([]byte, 1024)
-		count, addr, err := saver.ReadFrom(conn, buf)
-		if err != nil {
-			t.Fatal(err)
-		}
-		if expectedAddr.Network() != addr.Network() {
-			t.Fatal("invalid addr.Network")
-		}
-		if expectedAddr.String() != addr.String() {
-			t.Fatal("invalid addr.String")
-		}
-		if count != mockedNumBytes {
-			t.Fatal("invalid count")
-		}
-		if err := v.Validate(); err != nil {
-			t.Fatal(err)
-		}
-	})
-
-	t.Run("on failure", func(t *testing.T) {
-		mockedError := netxlite.NewTopLevelGenericErrWrapper(io.EOF)
-		conn := newConn(0, nil, mockedError)
-		saver := NewSaver()
-		v := &SingleNetworkEventValidator{
-			ExpectedCount:   0,
-			ExpectedErr:     mockedError,
-			ExpectedNetwork: "udp",
-			ExpectedOp:      netxlite.ReadFromOperation,
-			ExpectedEpnt:    "",
-			Saver:           saver,
-		}
-		buf := make([]byte, 1024)
-		count, addr, err := saver.ReadFrom(conn, buf)
-		if !errors.Is(err, mockedError) {
-			t.Fatal(err)
-		}
-		if addr != nil {
-			t.Fatal("invalid addr")
-		}
-		if count != 0 {
-			t.Fatal("invalid count")
-		}
-		if err := v.Validate(); err != nil {
-			t.Fatal(err)
-		}
-	})
-}
-
-func TestSaverQUICDialContext(t *testing.T) {
-	// newQUICDialer creates a new QUICDialer for testing.
-	newQUICDialer := func(qconn quic.EarlyConnection, err error) model.QUICDialer {
-		return &mocks.QUICDialer{
-			MockDialContext: func(
-				ctx context.Context, network, address string, tlsConfig *tls.Config,
-				quicConfig *quic.Config) (quic.EarlyConnection, error) {
-				time.Sleep(time.Microsecond)
-				return qconn, err
-			},
-		}
-	}
-
-	// newQUICConnection creates a new quic.EarlyConnection for testing.
-	newQUICConnection := func(handshakeComplete context.Context, state tls.ConnectionState) quic.EarlyConnection {
-		return &mocks.QUICEarlyConnection{
-			MockHandshakeComplete: func() context.Context {
-				return handshakeComplete
-			},
-			MockConnectionState: func() quic.ConnectionState {
-				return quic.ConnectionState{
-					TLS: qtls.ConnectionStateWith0RTT{
-						ConnectionState: state,
-					},
-				}
-			},
-			MockCloseWithError: func(code quic.ApplicationErrorCode, reason string) error {
-				return nil
-			},
-		}
-	}
-
-	t.Run("on success", func(t *testing.T) {
-		handshakeCtx := context.Background()
-		handshakeCtx, handshakeCancel := context.WithCancel(handshakeCtx)
-		handshakeCancel() // simulate a completed handshake
-		const expectedNetwork = "udp"
-		const mockedEndpoint = "8.8.4.4:443"
-		saver := NewSaver()
-		var peerCerts [][]byte
-		ff := &fakefill.Filler{}
-		ff.Fill(&peerCerts)
-		if len(peerCerts) < 1 {
-			t.Fatal("did not fill peerCerts")
-		}
-		v := &SingleQUICTLSHandshakeValidator{
-			ExpectedALPN:       []string{"h3"},
-			ExpectedSNI:        "dns.google",
-			ExpectedSkipVerify: true,
-			//
-			ExpectedCipherSuite:        tls.TLS_AES_128_GCM_SHA256,
-			ExpectedNegotiatedProtocol: "h3",
-			ExpectedPeerCerts:          peerCerts,
-			ExpectedVersion:            tls.VersionTLS13,
-			//
-			ExpectedNetwork:    "quic",
-			ExpectedRemoteAddr: mockedEndpoint,
-			//
-			QUICConfig: &quic.Config{},
-			//
-			ExpectedFailure: nil,
-			Saver:           saver,
-		}
-		qconn := newQUICConnection(handshakeCtx, v.NewTLSConnectionState())
-		dialer := newQUICDialer(qconn, nil)
-		ctx := context.Background()
-		qconn, err := saver.QUICDialContext(ctx, dialer, expectedNetwork,
-			mockedEndpoint, v.NewTLSConfig(), v.QUICConfig)
-		if err != nil {
-			t.Fatal(err)
-		}
-		if qconn == nil {
-			t.Fatal("expected nil qconn")
-		}
-		qconn.CloseWithError(0, "")
-		if err := v.Validate(); err != nil {
-			t.Fatal(err)
-		}
-	})
-
-	t.Run("on other error", func(t *testing.T) {
-		mockedError := netxlite.NewTopLevelGenericErrWrapper(io.EOF)
-		const expectedNetwork = "udp"
-		const mockedEndpoint = "8.8.4.4:443"
-		saver := NewSaver()
-		v := &SingleQUICTLSHandshakeValidator{
-			ExpectedALPN:       []string{"h3"},
-			ExpectedSNI:        "dns.google",
-			ExpectedSkipVerify: true,
-			//
-			ExpectedCipherSuite:        0,
-			ExpectedNegotiatedProtocol: "",
-			ExpectedPeerCerts:          nil,
-			ExpectedVersion:            0,
-			//
-			ExpectedNetwork:    "quic",
-			ExpectedRemoteAddr: mockedEndpoint,
-			//
-			QUICConfig: &quic.Config{},
-			//
-			ExpectedFailure: mockedError,
-			Saver:           saver,
-		}
-		dialer := newQUICDialer(nil, mockedError)
-		ctx := context.Background()
-		qconn, err := saver.QUICDialContext(ctx, dialer, expectedNetwork,
-			mockedEndpoint, v.NewTLSConfig(), v.QUICConfig)
-		if !errors.Is(err, mockedError) {
-			t.Fatal("unexpected error")
-		}
-		if qconn != nil {
-			t.Fatal("expected nil connection")
-		}
-		if err := v.Validate(); err != nil {
-			t.Fatal(err)
-		}
-	})
-
-	// TODO(bassosimone): here we're not testing the case in which
-	// the certificate is invalid for the required SNI.
-	//
-	// We need first to figure out whether this is what happens
-	// when we validate for QUIC in such cases. If that's the case
-	// indeed, then we can write the tests.
-
-	t.Run("on x509.HostnameError", func(t *testing.T) {
-		t.Skip("test not implemented")
-	})
-
-	t.Run("on x509.UnknownAuthorityError", func(t *testing.T) {
-		t.Skip("test not implemented")
-	})
-
-	t.Run("on x509.CertificateInvalidError", func(t *testing.T) {
-		t.Skip("test not implemented")
-	})
-}
-
-type SingleQUICTLSHandshakeValidator struct {
-	// related to the tls.Config
-	ExpectedALPN       []string
-	ExpectedSNI        string
-	ExpectedSkipVerify bool
-
-	// related to the tls.ConnectionState
-	ExpectedCipherSuite        uint16
-	ExpectedNegotiatedProtocol string
-	ExpectedPeerCerts          [][]byte
-	ExpectedVersion            uint16
-
-	// related to the mocked conn (TLS) / dial params (QUIC)
-	ExpectedNetwork    string
-	ExpectedRemoteAddr string
-
-	// tells us whether we're using QUIC
-	QUICConfig *quic.Config
-
-	// other fields
-	ExpectedFailure error
-	Saver           *Saver
-}
-
-func (v *SingleQUICTLSHandshakeValidator) NewTLSConfig() *tls.Config {
-	return &tls.Config{
-		NextProtos:         v.ExpectedALPN,
-		ServerName:         v.ExpectedSNI,
-		InsecureSkipVerify: v.ExpectedSkipVerify,
-	}
-}
-
-func (v *SingleQUICTLSHandshakeValidator) NewTLSConnectionState() tls.ConnectionState {
-	var state tls.ConnectionState
-	if v.ExpectedCipherSuite != 0 {
-		state.CipherSuite = v.ExpectedCipherSuite
-	}
-	if v.ExpectedNegotiatedProtocol != "" {
-		state.NegotiatedProtocol = v.ExpectedNegotiatedProtocol
-	}
-	for _, cert := range v.ExpectedPeerCerts {
-		state.PeerCertificates = append(state.PeerCertificates, &x509.Certificate{
-			Raw: cert,
-		})
-	}
-	if v.ExpectedVersion != 0 {
-		state.Version = v.ExpectedVersion
-	}
-	return state
-}
-
-func (v *SingleQUICTLSHandshakeValidator) Validate() error {
-	trace := v.Saver.MoveOutTrace()
-	var entries []*QUICTLSHandshakeEvent
-	if v.QUICConfig != nil {
-		entries = trace.QUICHandshake
-	} else {
-		entries = trace.TLSHandshake
-	}
-	if len(entries) != 1 {
-		return errors.New("expected to see a single entry")
-	}
-	entry := entries[0]
-	if diff := cmp.Diff(entry.ALPN, v.ExpectedALPN); diff != "" {
-		return errors.New(diff)
-	}
-	if entry.CipherSuite != netxlite.TLSCipherSuiteString(v.ExpectedCipherSuite) {
-		return errors.New("unexpected .CipherSuite")
-	}
-	if !errors.Is(entry.Failure, v.ExpectedFailure) {
-		return errors.New("unexpected .Failure")
-	}
-	if !entry.Finished.After(entry.Started) {
-		return errors.New(".Finished is not after .Started")
-	}
-	if entry.NegotiatedProto != v.ExpectedNegotiatedProtocol {
-		return errors.New("unexpected .NegotiatedProto")
-	}
-	if entry.Network != v.ExpectedNetwork {
-		return errors.New("unexpected .Network")
-	}
-	if diff := cmp.Diff(entry.PeerCerts, v.ExpectedPeerCerts); diff != "" {
-		return errors.New("unexpected .PeerCerts")
-	}
-	if entry.RemoteAddr != v.ExpectedRemoteAddr {
-		return errors.New("unexpected .RemoteAddr")
-	}
-	if entry.SNI != v.ExpectedSNI {
-		return errors.New("unexpected .ServerName")
-	}
-	if entry.SkipVerify != v.ExpectedSkipVerify {
-		return errors.New("unexpected .SkipVerify")
-	}
-	if entry.TLSVersion != netxlite.TLSVersionString(v.ExpectedVersion) {
-		return errors.New("unexpected .Version")
-	}
-	return nil
-}
--- a/4
+++ b/4
@ -64,7 +64,7 @@ GOLANG_EXTRA_FLAGS =

 #help:
 #help: * GOLANG_VERSION_NUMBER : the expected version number for golang.
-GOLANG_VERSION_NUMBER = 1.17.10
+GOLANG_VERSION_NUMBER = 1.18.2

 #help:
 #help: * MINGW_W64_VERSION     : the expected mingw-w64 version.
@ -72,7 +72,7 @@ MINGW_W64_VERSION = 10.3.1

 #help:
 #help: * OONIGO_BRANCH         : the github.com/ooni/go branch to use.
-OONIGO_BRANCH = oonigo1.17.10
+OONIGO_BRANCH = oonigo1.18.2

 #help:
 #help: * OONI_PSIPHON_TAGS     : build tags for `go build -tags ...` that cause