mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-23 09:06:29 +01:00
More tests for TLS configuration
This commit is contained in:
parent
d4f4fcdb4c
commit
b1ae8a71f1
2 changed files with 65 additions and 3 deletions
|
@ -379,8 +379,8 @@ func MakeTLSConfig(configs []*Config) (*tls.Config, error) {
|
|||
config.CipherSuites = defaultCiphers
|
||||
}
|
||||
|
||||
// For security, ensure TLS_FALLBACK_SCSV is always included
|
||||
if config.CipherSuites[0] != tls.TLS_FALLBACK_SCSV {
|
||||
// For security, ensure TLS_FALLBACK_SCSV is always included first
|
||||
if len(config.CipherSuites) == 0 || config.CipherSuites[0] != tls.TLS_FALLBACK_SCSV {
|
||||
config.CipherSuites = append([]uint16{tls.TLS_FALLBACK_SCSV}, config.CipherSuites...)
|
||||
}
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ import (
|
|||
"testing"
|
||||
)
|
||||
|
||||
func TestMakeTLSConfig(t *testing.T) {
|
||||
func TestMakeTLSConfigProtocolVersions(t *testing.T) {
|
||||
// same min and max protocol versions
|
||||
configs := []*Config{
|
||||
{
|
||||
|
@ -29,6 +29,68 @@ func TestMakeTLSConfig(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestMakeTLSConfigPreferServerCipherSuites(t *testing.T) {
|
||||
// prefer server cipher suites
|
||||
configs := []*Config{{Enabled: true, PreferServerCipherSuites: true}}
|
||||
result, err := MakeTLSConfig(configs)
|
||||
if err != nil {
|
||||
t.Fatalf("Did not expect an error, but got %v", err)
|
||||
}
|
||||
if got, want := result.PreferServerCipherSuites, true; got != want {
|
||||
t.Errorf("Expected PreferServerCipherSuites==%v but got %v", want, got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestMakeTLSConfigTLSEnabledDisabled(t *testing.T) {
|
||||
// verify handling when Enabled is true and false
|
||||
configs := []*Config{
|
||||
{Enabled: true},
|
||||
{Enabled: false},
|
||||
}
|
||||
_, err := MakeTLSConfig(configs)
|
||||
if err == nil {
|
||||
t.Fatalf("Expected an error, but got %v", err)
|
||||
}
|
||||
|
||||
// verify that when disabled, a nil pair is returned
|
||||
configs = []*Config{{}, {}}
|
||||
result, err := MakeTLSConfig(configs)
|
||||
if err != nil {
|
||||
t.Errorf("Did not expect an error, but got %v", err)
|
||||
}
|
||||
if result != nil {
|
||||
t.Errorf("Expected a nil *tls.Config result, got %+v", result)
|
||||
}
|
||||
}
|
||||
|
||||
func TestMakeTLSConfigCipherSuites(t *testing.T) {
|
||||
// ensure cipher suites are unioned and
|
||||
// that TLS_FALLBACK_SCSV is prepended
|
||||
configs := []*Config{
|
||||
{Enabled: true, Ciphers: []uint16{0xc02c, 0xc030}},
|
||||
{Enabled: true, Ciphers: []uint16{0xc012, 0xc030, 0xc00a}},
|
||||
}
|
||||
result, err := MakeTLSConfig(configs)
|
||||
if err != nil {
|
||||
t.Fatalf("Did not expect an error, but got %v", err)
|
||||
}
|
||||
expected := []uint16{tls.TLS_FALLBACK_SCSV, 0xc02c, 0xc030, 0xc012, 0xc00a}
|
||||
if !reflect.DeepEqual(result.CipherSuites, expected) {
|
||||
t.Errorf("Expected ciphers %v but got %v", expected, result.CipherSuites)
|
||||
}
|
||||
|
||||
// use default suites if none specified
|
||||
configs = []*Config{{Enabled: true}}
|
||||
result, err = MakeTLSConfig(configs)
|
||||
if err != nil {
|
||||
t.Fatalf("Did not expect an error, but got %v", err)
|
||||
}
|
||||
expected = append([]uint16{tls.TLS_FALLBACK_SCSV}, defaultCiphers...)
|
||||
if !reflect.DeepEqual(result.CipherSuites, expected) {
|
||||
t.Errorf("Expected default ciphers %v but got %v", expected, result.CipherSuites)
|
||||
}
|
||||
}
|
||||
|
||||
func TestStorageForNoURL(t *testing.T) {
|
||||
c := &Config{}
|
||||
if _, err := c.StorageFor(""); err == nil {
|
||||
|
|
Loading…
Reference in a new issue