fix(netxlite): improve TLS auto-configuration (#409)

Auto-configure every relevant TLS field as close as possible to
where it's actually used.

As a side effect, add support for mocking the creation of a TLS
connection, which should possibly be useful for uTLS?

Work that is part of https://github.com/ooni/probe/issues/1505
Simone Basso
2021-06-25 20:51:59 +02:00
committed by GitHub
parent f1f5ed342e
commit b07890af4d
16 changed files with 360 additions and 89 deletions
+1 -1
@@ -184,7 +184,7 @@ func NewTLSDialer(config Config) TLSDialer {
if config.Dialer == nil {
config.Dialer = NewDialer(config)
}
var h tlsHandshaker = &netxlite.TLSHandshakerStdlib{}
var h tlsHandshaker = &netxlite.TLSHandshakerConfigurable{}
h = tlsdialer.ErrorWrapperTLSHandshaker{TLSHandshaker: h}
if config.Logger != nil {
h = &netxlite.TLSHandshakerLogger{Logger: config.Logger, TLSHandshaker: h}
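Review bot: The zero-value `&netxlite.TLSHandshakerConfigurable{}` in NewTLSDialer gives a reader no indication of which handshake implementation and defaults it falls back to, and that type's definition is not part of this hunk. Presumably the unset fields select the standard library handshake with default settings; a one-line comment above the assignment would make that explicit, for example `// zero value: uses the stdlib TLS handshake with netxlite defaults`. Because the commit moves TLS auto-configuration closer to where the config is used, it would also help to state (or cover with a test) that caller-supplied `tls.Config` values such as `ServerName` and `NextProtos` are only filled in when empty and never overridden. NewTLSDialer's body starts and ends outside the hunk, so the final wrapping order of the handshaker is not visible here.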
+7 -7
@@ -234,7 +234,7 @@ func TestNewTLSDialerVanilla(t *testing.T) {
if !ok {
t.Fatal("not the TLSHandshaker we expected")
}
if _, ok := ewth.TLSHandshaker.(*netxlite.TLSHandshakerStdlib); !ok {
if _, ok := ewth.TLSHandshaker.(*netxlite.TLSHandshakerConfigurable); !ok {
t.Fatal("not the TLSHandshaker we expected")
}
}
@@ -263,7 +263,7 @@ func TestNewTLSDialerWithConfig(t *testing.T) {
if !ok {
t.Fatal("not the TLSHandshaker we expected")
}
if _, ok := ewth.TLSHandshaker.(*netxlite.TLSHandshakerStdlib); !ok {
if _, ok := ewth.TLSHandshaker.(*netxlite.TLSHandshakerConfigurable); !ok {
t.Fatal("not the TLSHandshaker we expected")
}
}
@@ -302,7 +302,7 @@ func TestNewTLSDialerWithLogging(t *testing.T) {
if !ok {
t.Fatal("not the TLSHandshaker we expected")
}
if _, ok := ewth.TLSHandshaker.(*netxlite.TLSHandshakerStdlib); !ok {
if _, ok := ewth.TLSHandshaker.(*netxlite.TLSHandshakerConfigurable); !ok {
t.Fatal("not the TLSHandshaker we expected")
}
}
@@ -342,7 +342,7 @@ func TestNewTLSDialerWithSaver(t *testing.T) {
if !ok {
t.Fatal("not the TLSHandshaker we expected")
}
if _, ok := ewth.TLSHandshaker.(*netxlite.TLSHandshakerStdlib); !ok {
if _, ok := ewth.TLSHandshaker.(*netxlite.TLSHandshakerConfigurable); !ok {
t.Fatal("not the TLSHandshaker we expected")
}
}
@@ -375,7 +375,7 @@ func TestNewTLSDialerWithNoTLSVerifyAndConfig(t *testing.T) {
if !ok {
t.Fatal("not the TLSHandshaker we expected")
}
if _, ok := ewth.TLSHandshaker.(*netxlite.TLSHandshakerStdlib); !ok {
if _, ok := ewth.TLSHandshaker.(*netxlite.TLSHandshakerConfigurable); !ok {
t.Fatal("not the TLSHandshaker we expected")
}
}
@@ -410,7 +410,7 @@ func TestNewTLSDialerWithNoTLSVerifyAndNoConfig(t *testing.T) {
if !ok {
t.Fatal("not the TLSHandshaker we expected")
}
if _, ok := ewth.TLSHandshaker.(*netxlite.TLSHandshakerStdlib); !ok {
if _, ok := ewth.TLSHandshaker.(*netxlite.TLSHandshakerConfigurable); !ok {
t.Fatal("not the TLSHandshaker we expected")
}
}
@@ -447,7 +447,7 @@ func TestNewWithTLSDialer(t *testing.T) {
tlsDialer := &netxlite.TLSDialer{
Config: new(tls.Config),
Dialer: netx.FakeDialer{Err: expected},
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
}
txp := netx.NewHTTPTransport(netx.Config{
TLSDialer: tlsDialer,
@@ -16,7 +16,7 @@ func TestTLSDialerSuccess(t *testing.T) {
log.SetLevel(log.DebugLevel)
dialer := &netxlite.TLSDialer{Dialer: new(net.Dialer),
TLSHandshaker: &netxlite.TLSHandshakerLogger{
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
Logger: log.Log,
},
}
+6 -6
@@ -26,7 +26,7 @@ func TestSaverTLSHandshakerSuccessWithReadWrite(t *testing.T) {
Config: &tls.Config{NextProtos: nextprotos},
Dialer: dialer.New(&dialer.Config{ReadWriteSaver: saver}, &net.Resolver{}),
TLSHandshaker: tlsdialer.SaverTLSHandshaker{
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
Saver: saver,
},
}
@@ -119,7 +119,7 @@ func TestSaverTLSHandshakerSuccess(t *testing.T) {
Config: &tls.Config{NextProtos: nextprotos},
Dialer: new(net.Dialer),
TLSHandshaker: tlsdialer.SaverTLSHandshaker{
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
Saver: saver,
},
}
@@ -184,7 +184,7 @@ func TestSaverTLSHandshakerHostnameError(t *testing.T) {
tlsdlr := &netxlite.TLSDialer{
Dialer: new(net.Dialer),
TLSHandshaker: tlsdialer.SaverTLSHandshaker{
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
Saver: saver,
},
}
@@ -217,7 +217,7 @@ func TestSaverTLSHandshakerInvalidCertError(t *testing.T) {
tlsdlr := &netxlite.TLSDialer{
Dialer: new(net.Dialer),
TLSHandshaker: tlsdialer.SaverTLSHandshaker{
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
Saver: saver,
},
}
@@ -250,7 +250,7 @@ func TestSaverTLSHandshakerAuthorityError(t *testing.T) {
tlsdlr := &netxlite.TLSDialer{
Dialer: new(net.Dialer),
TLSHandshaker: tlsdialer.SaverTLSHandshaker{
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
Saver: saver,
},
}
@@ -284,7 +284,7 @@ func TestSaverTLSHandshakerNoTLSVerify(t *testing.T) {
Config: &tls.Config{InsecureSkipVerify: true},
Dialer: new(net.Dialer),
TLSHandshaker: tlsdialer.SaverTLSHandshaker{
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
TLSHandshaker: &netxlite.TLSHandshakerConfigurable{},
Saver: saver,
},
}
+1 -1
@@ -16,7 +16,7 @@ import (
)
func TestSystemTLSHandshakerEOFError(t *testing.T) {
h := &netxlite.TLSHandshakerStdlib{}
h := &netxlite.TLSHandshakerConfigurable{}
conn, _, err := h.Handshake(context.Background(), tlsdialer.EOFConn{}, &tls.Config{
ServerName: "x.org",
})