From 9e609da2e659bf5b68f04c243eda132781a960b5 Mon Sep 17 00:00:00 2001
From: Mike Morris
Date: Wed, 24 Nov 2021 15:55:12 -0500
Subject: [PATCH] tlsutil: update tests
---
 tlsutil/config.go | 4 ----
 tlsutil/config_test.go | 37 ++++++++++++++++++++++---------------
 2 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/tlsutil/config.go b/tlsutil/config.go
index 1db39fab82..d2cf5f3975 100644
--- a/tlsutil/config.go
+++ b/tlsutil/config.go
@@ -548,10 +548,6 @@ func (c *Configurator) commonTLSConfig(verifyIncoming bool) *tls.Config {
 // default (TLS 1.0) and because the initial check in validateConfig makes
 // sure the version is not invalid.
 
- // FIXME: move ParseTLSVersion to be called externally, maybe in
- // agent/config/runtime parsing before the tlsutil.Config struct is created?
- // tlsVersion, _ := ParseTLSVersion(c.base.TLSMinVersion)
-
 tlsConfig.MinVersion = goTLSVersions[c.base.TLSMinVersion]
 
 // Set ClientAuth if necessary
diff --git a/tlsutil/config_test.go b/tlsutil/config_test.go
index 942ead36ba..fd74ebf50d 100644
--- a/tlsutil/config_test.go
+++ b/tlsutil/config_test.go
@@ -395,17 +395,17 @@ func TestConfig_ParseCiphers(t *testing.T) {
 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
 }, ",")
- ciphers := []uint16{
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ ciphers := []types.TLSCipherSuite{
+ types.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ types.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ types.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ types.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ types.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ types.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+ types.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ types.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ types.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 }
 v, err := ParseCiphers(testOk)
 require.NoError(t, err)
@@ -418,7 +418,7 @@ func TestConfig_ParseCiphers(t *testing.T) {
 
 v, err = ParseCiphers("")
 require.NoError(t, err)
- require.Equal(t, []uint16{}, v)
+ require.Equal(t, []types.TLSCipherSuite{}, v)
 }
 
 func TestLoadKeyPair(t *testing.T) {
@@ -651,13 +651,20 @@ func TestConfigurator_CommonTLSConfigCipherSuites(t *testing.T) {
 tlsConf := c.commonTLSConfig(false)
 require.Empty(t, tlsConf.CipherSuites)
 
- // TODO: this test previously was expected to pass with an unexpected, but
- // valid, value??
 conf := Config{CipherSuites: []types.TLSCipherSuite{
 types.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}}
 require.NoError(t, c.Update(conf))
 tlsConf = c.commonTLSConfig(false)
- require.Equal(t, conf.CipherSuites, tlsConf.CipherSuites)
+
+ // TODO: this test previously was expected to pass with an unexpected, but
+ // valid, value??
+ require.Equal(t, []uint16{}, tlsConf.CipherSuites)
+
+ conf = Config{CipherSuites: []types.TLSCipherSuite{
+ types.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}}
+ require.NoError(t, c.Update(conf))
+ tlsConf = c.commonTLSConfig(false)
+ require.Equal(t, []uint16{0xc009}, tlsConf.CipherSuites)
 }
 
 func TestConfigurator_CommonTLSConfigGetClientCertificate(t *testing.T) {
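Review bot: The new assertion `require.Equal(t, []uint16{}, tlsConf.CipherSuites)` pins a case where an operator explicitly configures `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `c.Update(conf)` returns no error, and the resulting `tls.Config` carries none of the requested suites; the relocated TODO shows this outcome is not yet understood. A cipher-suite restriction that is dropped without an error is a silent policy failure: as far as I know crypto/tls treats a nil list as "use Go's defaults" and an empty non-nil list as no configurable suite at all, so depending on which one the production path yields, this is either a wider set than requested or failed TLS 1.2 handshakes. I would resolve the TODO before merging, either by asserting the mapped value, `require.Equal(t, []uint16{tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, tlsConf.CipherSuites)`, or by having `Update` reject suites it cannot map and asserting `require.Error` here. In the second added case the literal `0xc009` would read better as `tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, assuming the test file still imports crypto/tls. The test function starts above the hunk, so the setup of `c` is not visible here.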