SNI扩展测试
Trisia committed Jan 23, 2025
1 parent 454e4e4 commit 8cbaf01
Showing 3 changed files with 63 additions and 2 deletions.
4 changes: 2 additions & 2 deletions tlcp/common.go
@@ -576,11 +576,11 @@ func (c *Config) getCertificate(clientHello *ClientHelloInfo) (*Certificate, err
//
// 域名证书主机名验证交由证书验证阶段完成
//
//// 如果服务端名称不为空,那么验证证书是否匹配
// 如果服务端名称不为空,那么验证证书是否匹配
//if clientHello.ServerName != "" {
// err := c.Certificates[0].Leaf.VerifyHostname(clientHello.ServerName)
// if err != nil {
// return nil, fmt.Errorf("tlcp: certificate does not match requested host name: %v", err)
// return nil, errNoCertificates
// }
//}
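Review bot: Both edited lines sit inside a block that is commented out, so this section changes no behaviour and leaves a second version of dead code for readers to interpret. The comment above it already states the decision (host-name verification is left to the certificate-verification stage), so the disabled `VerifyHostname` block could be deleted and replaced by one line such as `// SNI is not matched against the certificate here; the peer checks the host name during certificate verification.` If the check is ever restored, returning `errNoCertificates` for a name mismatch would presumably hide the real cause from the caller. getCertificate starts and ends outside this hunk, so how the certificate is actually selected is not visible here.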

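--- a/tlcp/handshake_server_test.go
+++ b/tlcp/handshake_server_test.go
@@ -334,3 +334,30 @@ func Test_processClientHello(t *testing.T) {
 <-done
 
 }
+
+// 测试服务端身份认证
+func Test_HelloExt_SNI_ACK(t *testing.T) {
+cli, svr := tcpPipe(8453)
+
+conn := Client(cli, &Config{
+ServerName: "fakeServerName", // 服务端证书中没有包含该域名
+Time: runtimeTime,
+RootCAs: simplePool,
+})
+
+svc := Server(svr, &Config{
+Certificates: []Certificate{sigCert, encCert},
+Time: runtimeTime,
+})
+go func() {
+defer svc.Close()
+err := svc.Handshake()
+if err != nil {
+t.Fatal(err)
+}
+}()
+if err := conn.Handshake(); err == nil {
+t.Fatalf("Expect server name ack, and bad server alert, but not")
+}
+
+}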
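Review bot: The server goroutine in Test_HelloExt_SNI_ACK calls `t.Fatal(err)`, which the testing package allows only from the goroutine running the test, and nothing waits for that goroutine before the test returns. Because the client is expected to abort the handshake, the server's `Handshake` will presumably fail too, so that branch is likely to fire. The check `err == nil` also accepts any handshake failure, so the test stays green if the handshake breaks for a reason unrelated to the host name; asserting the specific verification error would pin the behaviour under test. `tcpPipe(8453)` returns `nil, nil` when the fixed port is busy and the result is used unchecked. The sketch below reports the server result over a channel and checks the pipe before use.

```go
func Test_HelloExt_SNI_ACK(t *testing.T) {
	cli, svr := tcpPipe() // no fixed port: avoids collisions between test runs
	if cli == nil || svr == nil {
		t.Fatal("tcpPipe: could not set up the connection pair")
	}

	// … unchanged: client and server Config construction …

	done := make(chan error, 1)
	go func() {
		defer svc.Close()
		done <- svc.Handshake() // hand the result to the test goroutine
	}()
	err := conn.Handshake()
	_ = conn.Close() // make sure the server side is released even if no alert was sent
	<-done           // the server handshake is expected to fail once the client aborts
	if err == nil {
		t.Fatal("handshake succeeded although the certificate does not cover the requested server name")
	}
	// TODO: also assert that err is the host-name verification error, not just any failure.
}
```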
34 changes: 34 additions & 0 deletions tlcp/handshake_test.go
@@ -7,12 +7,14 @@ import (
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"github.com/emmansun/gmsm/sm2"
"github.com/emmansun/gmsm/smx509"
"io"
"math/big"
"net"
"os"
"sync"
"sync/atomic"
"testing"
"time"
@@ -188,3 +190,35 @@ func TestGenSelfSignedCert(t *testing.T) {
_ = pem.Encode(os.Stdout, &pem.Block{Type: "SM2 PRIVATE KEY", Bytes: privateKey})
_ = pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: certificate})
}

func tcpPipe(port ...int) (cli net.Conn, svr net.Conn) {
addr := ""
if len(port) > 0 {
addr = fmt.Sprintf(":%d", port[0])
}

listen, err := net.Listen("tcp", addr)
if err != nil {
return nil, nil
}
var wg sync.WaitGroup
wg.Add(2)
go func() {
defer wg.Done()
conn, err := listen.Accept()
if err != nil {
return
}
svr = conn
}()
go func() {
defer wg.Done()
conn, err := net.Dial("tcp", listen.Addr().String())
if err != nil {
return
}
cli = conn
}()
wg.Wait()
return
}
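Review bot: tcpPipe never closes the listener, so every call leaks a socket and, with a fixed port such as the 8453 used by the new test, a second call in the same process will presumably fail to bind. If `net.Dial` fails, the Accept goroutine is never released and `wg.Wait()` blocks forever; every other error is collapsed into `nil, nil`, which callers then have to check. The address `:%d` (or the empty string) also binds every interface, where a test helper only needs loopback. The sketch below binds 127.0.0.1, closes the listener on return, and unblocks Accept when the dial fails.

```go
func tcpPipe(port ...int) (cli net.Conn, svr net.Conn) {
	addr := "127.0.0.1:0" // loopback only; the kernel picks a free port
	if len(port) > 0 {
		addr = fmt.Sprintf("127.0.0.1:%d", port[0])
	}

	listen, err := net.Listen("tcp", addr)
	if err != nil {
		return nil, nil
	}
	defer listen.Close() // release the port once both ends exist

	// … unchanged: WaitGroup setup and the Accept goroutine …
	go func() {
		defer wg.Done()
		conn, err := net.Dial("tcp", listen.Addr().String())
		if err != nil {
			_ = listen.Close() // otherwise Accept never returns and wg.Wait hangs
			return
		}
		cli = conn
	}()
	// … unchanged: wg.Wait and return …
```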
