Fix ptls_test.go for Go 1.22
@@ -5,8 +5,11 @@ package ptls
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"runtime"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/coreos/go-semver/semver"
|
||||
"github.com/stretchr/testify/require"
|
||||
"k8s.io/apiserver/pkg/server/options"
|
||||
)
|
||||
@@ -46,6 +49,13 @@ func TestSecureServing(t *testing.T) {
|
||||
func TestMerge(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
runtimeVersion := runtime.Version()
|
||||
if strings.HasPrefix(runtimeVersion, "go") {
|
||||
runtimeVersion, _ = strings.CutPrefix(runtimeVersion, "go")
|
||||
}
|
||||
runtimeVersionSemver, err := semver.NewVersion(runtimeVersion)
|
||||
require.NoError(t, err)
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
tlsConfigFunc ConfigFunc
|
||||
@@ -176,60 +186,24 @@ func TestMerge(t *testing.T) {
|
||||
ServerName: "something-to-check-passthrough",
|
||||
},
|
||||
want: &tls.Config{
|
||||
ServerName: "something-to-check-passthrough",
|
||||
MinVersion: tls.VersionTLS12,
|
||||
CipherSuites: []uint16{
|
||||
tls.TLS_RSA_WITH_AES_128_CBC_SHA, //nolint:gosec // yeah, I know it is a bad cipher, this is the legacy config
|
||||
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_AES_128_GCM_SHA256,
|
||||
tls.TLS_AES_256_GCM_SHA384,
|
||||
tls.TLS_CHACHA20_POLY1305_SHA256,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
},
|
||||
NextProtos: []string{"h2", "http/1.1"},
|
||||
ServerName: "something-to-check-passthrough",
|
||||
MinVersion: tls.VersionTLS12,
|
||||
CipherSuites: wantLegacyCipherSuites(runtimeVersionSemver),
|
||||
NextProtos: []string{"h2", "http/1.1"},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "legacy with NextProtos",
|
||||
tlsConfigFunc: Legacy,
|
||||
tlsConfig: &tls.Config{
|
||||
tlsConfig: &tls.Config{ //nolint:gosec // not concerned with TLS MinVersion here
|
||||
ServerName: "a different thing for passthrough",
|
||||
NextProtos: []string{"panda"},
|
||||
},
|
||||
want: &tls.Config{
|
||||
ServerName: "a different thing for passthrough",
|
||||
MinVersion: tls.VersionTLS12,
|
||||
CipherSuites: []uint16{
|
||||
tls.TLS_RSA_WITH_AES_128_CBC_SHA, //nolint:gosec // yeah, I know it is a bad cipher, this is the legacy config
|
||||
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_AES_128_GCM_SHA256,
|
||||
tls.TLS_AES_256_GCM_SHA384,
|
||||
tls.TLS_CHACHA20_POLY1305_SHA256,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
},
|
||||
NextProtos: []string{"panda"},
|
||||
ServerName: "a different thing for passthrough",
|
||||
MinVersion: tls.VersionTLS12,
|
||||
CipherSuites: wantLegacyCipherSuites(runtimeVersionSemver),
|
||||
NextProtos: []string{"panda"},
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -243,3 +217,31 @@ func TestMerge(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func wantLegacyCipherSuites(runtime *semver.Version) []uint16 {
|
||||
var ciphers []uint16
|
||||
if runtime.Major == 1 && runtime.Minor < 22 {
|
||||
ciphers = append(ciphers, []uint16{
|
||||
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
}...)
|
||||
}
|
||||
ciphers = append(ciphers, []uint16{
|
||||
tls.TLS_AES_128_GCM_SHA256,
|
||||
tls.TLS_AES_256_GCM_SHA384,
|
||||
tls.TLS_CHACHA20_POLY1305_SHA256,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
}...)
|
||||
return ciphers
|
||||
}
|
||||
|
||||
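Review bot: The Go-version gate added at the top of TestMerge passes `runtime.Version()` minus its `go` prefix to `semver.NewVersion` and asserts `require.NoError`, so a toolchain string that is not plain `MAJOR.MINOR.PATCH` would fail the whole test before any TLS config is compared; release candidates and builds carrying an experiment suffix are, as far as I know, reported in such a form, so it is worth confirming on every toolchain CI uses. The `strings.HasPrefix` guard is redundant because `strings.CutPrefix` returns its input unchanged when the prefix is absent: `runtimeVersion, _ := strings.CutPrefix(runtime.Version(), "go")`. In `wantLegacyCipherSuites` the parameter `runtime` shadows the imported `runtime` package; `goVersion *semver.Version` avoids that. The helper should also carry a comment on why the four `TLS_RSA_WITH_AES_*` suites are expected only before 1.22, presumably `// Go 1.22 no longer offers RSA key exchange cipher suites by default, so the legacy profile drops them.` TestMerge starts and ends outside the visible hunks.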