1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
27 // zeroSource is an io.Reader that returns an unlimited number of zero bytes.
28 type zeroSource
struct{}
30 func (zeroSource
) Read(b
[]byte) (n
int, err error
) {
38 var testConfig
*Config
40 func allCipherSuites() []uint16 {
41 ids
:= make([]uint16, len(cipherSuites
))
42 for i
, suite
:= range cipherSuites
{
51 Time
: func() time
.Time
{ return time
.Unix(0, 0) },
53 Certificates
: make([]Certificate
, 2),
54 InsecureSkipVerify
: true,
55 MinVersion
: VersionSSL30
,
56 MaxVersion
: VersionTLS12
,
57 CipherSuites
: allCipherSuites(),
59 testConfig
.Certificates
[0].Certificate
= [][]byte{testRSACertificate
}
60 testConfig
.Certificates
[0].PrivateKey
= testRSAPrivateKey
61 testConfig
.Certificates
[1].Certificate
= [][]byte{testSNICertificate
}
62 testConfig
.Certificates
[1].PrivateKey
= testRSAPrivateKey
63 testConfig
.BuildNameToCertificate()
66 func testClientHello(t
*testing
.T
, serverConfig
*Config
, m handshakeMessage
) {
67 testClientHelloFailure(t
, serverConfig
, m
, "")
70 func testClientHelloFailure(t
*testing
.T
, serverConfig
*Config
, m handshakeMessage
, expectedSubStr
string) {
71 // Create in-memory network connection,
72 // send message to server. Should return
76 cli
:= Client(c
, testConfig
)
77 if ch
, ok
:= m
.(*clientHelloMsg
); ok
{
80 cli
.writeRecord(recordTypeHandshake
, m
.marshal())
83 hs
:= serverHandshakeState
{
84 c
: Server(s
, serverConfig
),
86 _
, err
:= hs
.readClientHello()
88 if len(expectedSubStr
) == 0 {
89 if err
!= nil && err
!= io
.EOF
{
90 t
.Errorf("Got error: %s; expected to succeed", err
)
92 } else if err
== nil ||
!strings
.Contains(err
.Error(), expectedSubStr
) {
93 t
.Errorf("Got error: %s; expected to match substring '%s'", err
, expectedSubStr
)
97 func TestSimpleError(t
*testing
.T
) {
98 testClientHelloFailure(t
, testConfig
, &serverHelloDoneMsg
{}, "unexpected handshake message")
101 var badProtocolVersions
= []uint16{0x0000, 0x0005, 0x0100, 0x0105, 0x0200, 0x0205}
103 func TestRejectBadProtocolVersion(t
*testing
.T
) {
104 for _
, v
:= range badProtocolVersions
{
105 testClientHelloFailure(t
, testConfig
, &clientHelloMsg
{vers
: v
}, "unsupported, maximum protocol version")
109 func TestNoSuiteOverlap(t
*testing
.T
) {
110 clientHello
:= &clientHelloMsg
{
112 cipherSuites
: []uint16{0xff00},
113 compressionMethods
: []uint8{compressionNone
},
115 testClientHelloFailure(t
, testConfig
, clientHello
, "no cipher suite supported by both client and server")
118 func TestNoCompressionOverlap(t
*testing
.T
) {
119 clientHello
:= &clientHelloMsg
{
121 cipherSuites
: []uint16{TLS_RSA_WITH_RC4_128_SHA
},
122 compressionMethods
: []uint8{0xff},
124 testClientHelloFailure(t
, testConfig
, clientHello
, "client does not support uncompressed connections")
127 func TestNoRC4ByDefault(t
*testing
.T
) {
128 clientHello
:= &clientHelloMsg
{
130 cipherSuites
: []uint16{TLS_RSA_WITH_RC4_128_SHA
},
131 compressionMethods
: []uint8{compressionNone
},
133 serverConfig
:= testConfig
.Clone()
134 // Reset the enabled cipher suites to nil in order to test the
136 serverConfig
.CipherSuites
= nil
137 testClientHelloFailure(t
, serverConfig
, clientHello
, "no cipher suite supported by both client and server")
140 func TestRejectSNIWithTrailingDot(t
*testing
.T
) {
141 testClientHelloFailure(t
, testConfig
, &clientHelloMsg
{vers
: VersionTLS12
, serverName
: "foo.com."}, "unexpected message")
144 func TestDontSelectECDSAWithRSAKey(t
*testing
.T
) {
145 // Test that, even when both sides support an ECDSA cipher suite, it
146 // won't be selected if the server's private key doesn't support it.
147 clientHello
:= &clientHelloMsg
{
149 cipherSuites
: []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
},
150 compressionMethods
: []uint8{compressionNone
},
151 supportedCurves
: []CurveID
{CurveP256
},
152 supportedPoints
: []uint8{pointFormatUncompressed
},
154 serverConfig
:= testConfig
.Clone()
155 serverConfig
.CipherSuites
= clientHello
.cipherSuites
156 serverConfig
.Certificates
= make([]Certificate
, 1)
157 serverConfig
.Certificates
[0].Certificate
= [][]byte{testECDSACertificate
}
158 serverConfig
.Certificates
[0].PrivateKey
= testECDSAPrivateKey
159 serverConfig
.BuildNameToCertificate()
160 // First test that it *does* work when the server's key is ECDSA.
161 testClientHello(t
, serverConfig
, clientHello
)
163 // Now test that switching to an RSA key causes the expected error (and
164 // not an internal error about a signing failure).
165 serverConfig
.Certificates
= testConfig
.Certificates
166 testClientHelloFailure(t
, serverConfig
, clientHello
, "no cipher suite supported by both client and server")
169 func TestDontSelectRSAWithECDSAKey(t
*testing
.T
) {
170 // Test that, even when both sides support an RSA cipher suite, it
171 // won't be selected if the server's private key doesn't support it.
172 clientHello
:= &clientHelloMsg
{
174 cipherSuites
: []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
},
175 compressionMethods
: []uint8{compressionNone
},
176 supportedCurves
: []CurveID
{CurveP256
},
177 supportedPoints
: []uint8{pointFormatUncompressed
},
179 serverConfig
:= testConfig
.Clone()
180 serverConfig
.CipherSuites
= clientHello
.cipherSuites
181 // First test that it *does* work when the server's key is RSA.
182 testClientHello(t
, serverConfig
, clientHello
)
184 // Now test that switching to an ECDSA key causes the expected error
185 // (and not an internal error about a signing failure).
186 serverConfig
.Certificates
= make([]Certificate
, 1)
187 serverConfig
.Certificates
[0].Certificate
= [][]byte{testECDSACertificate
}
188 serverConfig
.Certificates
[0].PrivateKey
= testECDSAPrivateKey
189 serverConfig
.BuildNameToCertificate()
190 testClientHelloFailure(t
, serverConfig
, clientHello
, "no cipher suite supported by both client and server")
193 func TestRenegotiationExtension(t
*testing
.T
) {
194 clientHello
:= &clientHelloMsg
{
196 compressionMethods
: []uint8{compressionNone
},
197 random
: make([]byte, 32),
198 secureRenegotiationSupported
: true,
199 cipherSuites
: []uint16{TLS_RSA_WITH_RC4_128_SHA
},
206 cli
:= Client(c
, testConfig
)
207 cli
.vers
= clientHello
.vers
208 cli
.writeRecord(recordTypeHandshake
, clientHello
.marshal())
210 buf
= make([]byte, 1024)
211 n
, err
:= c
.Read(buf
)
213 t
.Errorf("Server read returned error: %s", err
)
220 Server(s
, testConfig
).Handshake()
223 t
.Fatalf("Server returned short message of length %d", len(buf
))
225 // buf contains a TLS record, with a 5 byte record header and a 4 byte
226 // handshake header. The length of the ServerHello is taken from the
228 serverHelloLen
:= int(buf
[6])<<16 |
int(buf
[7])<<8 |
int(buf
[8])
230 var serverHello serverHelloMsg
231 // unmarshal expects to be given the handshake header, but
232 // serverHelloLen doesn't include it.
233 if !serverHello
.unmarshal(buf
[5 : 9+serverHelloLen
]) {
234 t
.Fatalf("Failed to parse ServerHello")
237 if !serverHello
.secureRenegotiationSupported
{
238 t
.Errorf("Secure renegotiation extension was not echoed.")
242 func TestTLS12OnlyCipherSuites(t
*testing
.T
) {
243 // Test that a Server doesn't select a TLS 1.2-only cipher suite when
244 // the client negotiates TLS 1.1.
247 clientHello
:= &clientHelloMsg
{
250 cipherSuites
: []uint16{
251 // The Server, by default, will use the client's
252 // preference order. So the GCM cipher suite
253 // will be selected unless it's excluded because
254 // of the version in this ClientHello.
255 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
256 TLS_RSA_WITH_RC4_128_SHA
,
258 compressionMethods
: []uint8{compressionNone
},
259 supportedCurves
: []CurveID
{CurveP256
, CurveP384
, CurveP521
},
260 supportedPoints
: []uint8{pointFormatUncompressed
},
264 var reply
interface{}
267 cli
:= Client(c
, testConfig
)
268 cli
.vers
= clientHello
.vers
269 cli
.writeRecord(recordTypeHandshake
, clientHello
.marshal())
270 reply
, clientErr
= cli
.readHandshake()
273 config
:= testConfig
.Clone()
274 config
.CipherSuites
= clientHello
.cipherSuites
275 Server(s
, config
).Handshake()
277 if clientErr
!= nil {
280 serverHello
, ok
:= reply
.(*serverHelloMsg
)
282 t
.Fatalf("didn't get ServerHello message in reply. Got %v\n", reply
)
284 if s
:= serverHello
.cipherSuite
; s
!= TLS_RSA_WITH_RC4_128_SHA
{
285 t
.Fatalf("bad cipher suite from server: %x", s
)
289 func TestAlertForwarding(t
*testing
.T
) {
292 Client(c
, testConfig
).sendAlert(alertUnknownCA
)
296 err
:= Server(s
, testConfig
).Handshake()
298 if e
, ok
:= err
.(*net
.OpError
); !ok || e
.Err
!= error(alertUnknownCA
) {
299 t
.Errorf("Got error: %s; expected: %s", err
, error(alertUnknownCA
))
303 func TestClose(t
*testing
.T
) {
307 err
:= Server(s
, testConfig
).Handshake()
310 t
.Errorf("Got error: %s; expected: %s", err
, io
.EOF
)
314 func testHandshake(clientConfig
, serverConfig
*Config
) (serverState
, clientState ConnectionState
, err error
) {
316 done
:= make(chan bool)
318 cli
:= Client(c
, clientConfig
)
320 clientState
= cli
.ConnectionState()
324 server
:= Server(s
, serverConfig
)
325 err
= server
.Handshake()
327 serverState
= server
.ConnectionState()
334 func TestVersion(t
*testing
.T
) {
335 serverConfig
:= &Config
{
336 Certificates
: testConfig
.Certificates
,
337 MaxVersion
: VersionTLS11
,
339 clientConfig
:= &Config
{
340 InsecureSkipVerify
: true,
342 state
, _
, err
:= testHandshake(clientConfig
, serverConfig
)
344 t
.Fatalf("handshake failed: %s", err
)
346 if state
.Version
!= VersionTLS11
{
347 t
.Fatalf("Incorrect version %x, should be %x", state
.Version
, VersionTLS11
)
351 func TestCipherSuitePreference(t
*testing
.T
) {
352 serverConfig
:= &Config
{
353 CipherSuites
: []uint16{TLS_RSA_WITH_RC4_128_SHA
, TLS_RSA_WITH_AES_128_CBC_SHA
, TLS_ECDHE_RSA_WITH_RC4_128_SHA
},
354 Certificates
: testConfig
.Certificates
,
355 MaxVersion
: VersionTLS11
,
357 clientConfig
:= &Config
{
358 CipherSuites
: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA
, TLS_RSA_WITH_RC4_128_SHA
},
359 InsecureSkipVerify
: true,
361 state
, _
, err
:= testHandshake(clientConfig
, serverConfig
)
363 t
.Fatalf("handshake failed: %s", err
)
365 if state
.CipherSuite
!= TLS_RSA_WITH_AES_128_CBC_SHA
{
366 // By default the server should use the client's preference.
367 t
.Fatalf("Client's preference was not used, got %x", state
.CipherSuite
)
370 serverConfig
.PreferServerCipherSuites
= true
371 state
, _
, err
= testHandshake(clientConfig
, serverConfig
)
373 t
.Fatalf("handshake failed: %s", err
)
375 if state
.CipherSuite
!= TLS_RSA_WITH_RC4_128_SHA
{
376 t
.Fatalf("Server's preference was not used, got %x", state
.CipherSuite
)
380 func TestSCTHandshake(t
*testing
.T
) {
381 expected
:= [][]byte{[]byte("certificate"), []byte("transparency")}
382 serverConfig
:= &Config
{
383 Certificates
: []Certificate
{{
384 Certificate
: [][]byte{testRSACertificate
},
385 PrivateKey
: testRSAPrivateKey
,
386 SignedCertificateTimestamps
: expected
,
389 clientConfig
:= &Config
{
390 InsecureSkipVerify
: true,
392 _
, state
, err
:= testHandshake(clientConfig
, serverConfig
)
394 t
.Fatalf("handshake failed: %s", err
)
396 actual
:= state
.SignedCertificateTimestamps
397 if len(actual
) != len(expected
) {
398 t
.Fatalf("got %d scts, want %d", len(actual
), len(expected
))
400 for i
, sct
:= range expected
{
401 if !bytes
.Equal(sct
, actual
[i
]) {
402 t
.Fatalf("SCT #%d was %x, but expected %x", i
, actual
[i
], sct
)
407 func TestCrossVersionResume(t
*testing
.T
) {
408 serverConfig
:= &Config
{
409 CipherSuites
: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA
},
410 Certificates
: testConfig
.Certificates
,
412 clientConfig
:= &Config
{
413 CipherSuites
: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA
},
414 InsecureSkipVerify
: true,
415 ClientSessionCache
: NewLRUClientSessionCache(1),
416 ServerName
: "servername",
419 // Establish a session at TLS 1.1.
420 clientConfig
.MaxVersion
= VersionTLS11
421 _
, _
, err
:= testHandshake(clientConfig
, serverConfig
)
423 t
.Fatalf("handshake failed: %s", err
)
426 // The client session cache now contains a TLS 1.1 session.
427 state
, _
, err
:= testHandshake(clientConfig
, serverConfig
)
429 t
.Fatalf("handshake failed: %s", err
)
431 if !state
.DidResume
{
432 t
.Fatalf("handshake did not resume at the same version")
435 // Test that the server will decline to resume at a lower version.
436 clientConfig
.MaxVersion
= VersionTLS10
437 state
, _
, err
= testHandshake(clientConfig
, serverConfig
)
439 t
.Fatalf("handshake failed: %s", err
)
442 t
.Fatalf("handshake resumed at a lower version")
445 // The client session cache now contains a TLS 1.0 session.
446 state
, _
, err
= testHandshake(clientConfig
, serverConfig
)
448 t
.Fatalf("handshake failed: %s", err
)
450 if !state
.DidResume
{
451 t
.Fatalf("handshake did not resume at the same version")
454 // Test that the server will decline to resume at a higher version.
455 clientConfig
.MaxVersion
= VersionTLS11
456 state
, _
, err
= testHandshake(clientConfig
, serverConfig
)
458 t
.Fatalf("handshake failed: %s", err
)
461 t
.Fatalf("handshake resumed at a higher version")
465 // Note: see comment in handshake_test.go for details of how the reference
468 // serverTest represents a test of the TLS server handshake against a reference
470 type serverTest
struct {
471 // name is a freeform string identifying the test and the file in which
472 // the expected results will be stored.
474 // command, if not empty, contains a series of arguments for the
475 // command to run for the reference server.
477 // expectedPeerCerts contains a list of PEM blocks of expected
478 // certificates from the client.
479 expectedPeerCerts
[]string
480 // config, if not nil, contains a custom Config to use for this test.
482 // expectHandshakeErrorIncluding, when not empty, contains a string
483 // that must be a substring of the error resulting from the handshake.
484 expectHandshakeErrorIncluding
string
485 // validate, if not nil, is a function that will be called with the
486 // ConnectionState of the resulting connection. It returns false if the
487 // ConnectionState is unacceptable.
488 validate
func(ConnectionState
) error
491 var defaultClientCommand
= []string{"openssl", "s_client", "-no_ticket"}
493 // connFromCommand starts opens a listening socket and starts the reference
494 // client to connect to it. It returns a recordingConn that wraps the resulting
496 func (test
*serverTest
) connFromCommand() (conn
*recordingConn
, child
*exec
.Cmd
, err error
) {
497 l
, err
:= net
.ListenTCP("tcp", &net
.TCPAddr
{
498 IP
: net
.IPv4(127, 0, 0, 1),
506 port
:= l
.Addr().(*net
.TCPAddr
).Port
509 command
= append(command
, test
.command
...)
510 if len(command
) == 0 {
511 command
= defaultClientCommand
513 command
= append(command
, "-connect")
514 command
= append(command
, fmt
.Sprintf("127.0.0.1:%d", port
))
515 cmd
:= exec
.Command(command
[0], command
[1:]...)
517 var output bytes
.Buffer
520 if err
:= cmd
.Start(); err
!= nil {
524 connChan
:= make(chan interface{})
526 tcpConn
, err
:= l
.Accept()
535 case connOrError
:= <-connChan
:
536 if err
, ok
:= connOrError
.(error
); ok
{
539 tcpConn
= connOrError
.(net
.Conn
)
540 case <-time
.After(2 * time
.Second
):
541 output
.WriteTo(os
.Stdout
)
542 return nil, nil, errors
.New("timed out waiting for connection from child process")
545 record
:= &recordingConn
{
549 return record
, cmd
, nil
552 func (test
*serverTest
) dataPath() string {
553 return filepath
.Join("testdata", "Server-"+test
.name
)
556 func (test
*serverTest
) loadData() (flows
[][]byte, err error
) {
557 in
, err
:= os
.Open(test
.dataPath())
562 return parseTestData(in
)
565 func (test
*serverTest
) run(t
*testing
.T
, write
bool) {
566 checkOpenSSLVersion(t
)
568 var clientConn
, serverConn net
.Conn
569 var recordingConn
*recordingConn
570 var childProcess
*exec
.Cmd
574 recordingConn
, childProcess
, err
= test
.connFromCommand()
576 t
.Fatalf("Failed to start subcommand: %s", err
)
578 serverConn
= recordingConn
580 clientConn
, serverConn
= net
.Pipe()
582 config
:= test
.config
586 server
:= Server(serverConn
, config
)
587 connStateChan
:= make(chan ConnectionState
, 1)
589 _
, err
:= server
.Write([]byte("hello, world\n"))
590 if len(test
.expectHandshakeErrorIncluding
) > 0 {
592 t
.Errorf("Error expected, but no error returned")
593 } else if s
:= err
.Error(); !strings
.Contains(s
, test
.expectHandshakeErrorIncluding
) {
594 t
.Errorf("Error expected containing '%s' but got '%s'", test
.expectHandshakeErrorIncluding
, s
)
598 t
.Logf("Error from Server.Write: '%s'", err
)
603 connStateChan
<- server
.ConnectionState()
607 flows
, err
:= test
.loadData()
609 t
.Fatalf("%s: failed to load data from %s", test
.name
, test
.dataPath())
611 for i
, b
:= range flows
{
616 bb
:= make([]byte, len(b
))
617 n
, err
:= io
.ReadFull(clientConn
, bb
)
619 t
.Fatalf("%s #%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", test
.name
, i
+1, err
, n
, len(bb
), bb
[:n
], b
)
621 if !bytes
.Equal(b
, bb
) {
622 t
.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test
.name
, i
+1, bb
, b
)
628 connState
:= <-connStateChan
629 peerCerts
:= connState
.PeerCertificates
630 if len(peerCerts
) == len(test
.expectedPeerCerts
) {
631 for i
, peerCert
:= range peerCerts
{
632 block
, _
:= pem
.Decode([]byte(test
.expectedPeerCerts
[i
]))
633 if !bytes
.Equal(block
.Bytes
, peerCert
.Raw
) {
634 t
.Fatalf("%s: mismatch on peer cert %d", test
.name
, i
+1)
638 t
.Fatalf("%s: mismatch on peer list length: %d (wanted) != %d (got)", test
.name
, len(test
.expectedPeerCerts
), len(peerCerts
))
641 if test
.validate
!= nil {
642 if err
:= test
.validate(connState
); err
!= nil {
643 t
.Fatalf("validate callback returned error: %s", err
)
648 path
:= test
.dataPath()
649 out
, err
:= os
.OpenFile(path
, os
.O_WRONLY|os
.O_CREATE|os
.O_TRUNC
, 0644)
651 t
.Fatalf("Failed to create output file: %s", err
)
654 recordingConn
.Close()
655 if len(recordingConn
.flows
) < 3 {
656 childProcess
.Stdout
.(*bytes
.Buffer
).WriteTo(os
.Stdout
)
657 if len(test
.expectHandshakeErrorIncluding
) == 0 {
658 t
.Fatalf("Handshake failed")
661 recordingConn
.WriteTo(out
)
662 fmt
.Printf("Wrote %s\n", path
)
667 func runServerTestForVersion(t
*testing
.T
, template
*serverTest
, prefix
, option
string) {
670 test
.name
= prefix
+ test
.name
671 if len(test
.command
) == 0 {
672 test
.command
= defaultClientCommand
674 test
.command
= append([]string(nil), test
.command
...)
675 test
.command
= append(test
.command
, option
)
679 func runServerTestSSLv3(t
*testing
.T
, template
*serverTest
) {
680 runServerTestForVersion(t
, template
, "SSLv3-", "-ssl3")
683 func runServerTestTLS10(t
*testing
.T
, template
*serverTest
) {
684 runServerTestForVersion(t
, template
, "TLSv10-", "-tls1")
687 func runServerTestTLS11(t
*testing
.T
, template
*serverTest
) {
688 runServerTestForVersion(t
, template
, "TLSv11-", "-tls1_1")
691 func runServerTestTLS12(t
*testing
.T
, template
*serverTest
) {
692 runServerTestForVersion(t
, template
, "TLSv12-", "-tls1_2")
695 func TestHandshakeServerRSARC4(t
*testing
.T
) {
698 command
: []string{"openssl", "s_client", "-no_ticket", "-cipher", "RC4-SHA"},
700 runServerTestSSLv3(t
, test
)
701 runServerTestTLS10(t
, test
)
702 runServerTestTLS11(t
, test
)
703 runServerTestTLS12(t
, test
)
706 func TestHandshakeServerRSA3DES(t
*testing
.T
) {
709 command
: []string{"openssl", "s_client", "-no_ticket", "-cipher", "DES-CBC3-SHA"},
711 runServerTestSSLv3(t
, test
)
712 runServerTestTLS10(t
, test
)
713 runServerTestTLS12(t
, test
)
716 func TestHandshakeServerRSAAES(t
*testing
.T
) {
719 command
: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"},
721 runServerTestSSLv3(t
, test
)
722 runServerTestTLS10(t
, test
)
723 runServerTestTLS12(t
, test
)
726 func TestHandshakeServerAESGCM(t
*testing
.T
) {
729 command
: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256"},
731 runServerTestTLS12(t
, test
)
734 func TestHandshakeServerAES256GCMSHA384(t
*testing
.T
) {
736 name
: "RSA-AES256-GCM-SHA384",
737 command
: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES256-GCM-SHA384"},
739 runServerTestTLS12(t
, test
)
742 func TestHandshakeServerECDHEECDSAAES(t
*testing
.T
) {
743 config
:= testConfig
.Clone()
744 config
.Certificates
= make([]Certificate
, 1)
745 config
.Certificates
[0].Certificate
= [][]byte{testECDSACertificate
}
746 config
.Certificates
[0].PrivateKey
= testECDSAPrivateKey
747 config
.BuildNameToCertificate()
750 name
: "ECDHE-ECDSA-AES",
751 command
: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-ECDSA-AES256-SHA"},
754 runServerTestTLS10(t
, test
)
755 runServerTestTLS12(t
, test
)
758 func TestHandshakeServerX25519(t
*testing
.T
) {
759 config
:= testConfig
.Clone()
760 config
.CurvePreferences
= []CurveID
{X25519
}
763 name
: "X25519-ECDHE-RSA-AES-GCM",
764 command
: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256"},
767 runServerTestTLS12(t
, test
)
770 func TestHandshakeServerALPN(t
*testing
.T
) {
771 config
:= testConfig
.Clone()
772 config
.NextProtos
= []string{"proto1", "proto2"}
776 // Note that this needs OpenSSL 1.0.2 because that is the first
777 // version that supports the -alpn flag.
778 command
: []string{"openssl", "s_client", "-alpn", "proto2,proto1"},
780 validate
: func(state ConnectionState
) error
{
781 // The server's preferences should override the client.
782 if state
.NegotiatedProtocol
!= "proto1" {
783 return fmt
.Errorf("Got protocol %q, wanted proto1", state
.NegotiatedProtocol
)
788 runServerTestTLS12(t
, test
)
791 func TestHandshakeServerALPNNoMatch(t
*testing
.T
) {
792 config
:= testConfig
.Clone()
793 config
.NextProtos
= []string{"proto3"}
796 name
: "ALPN-NoMatch",
797 // Note that this needs OpenSSL 1.0.2 because that is the first
798 // version that supports the -alpn flag.
799 command
: []string{"openssl", "s_client", "-alpn", "proto2,proto1"},
801 validate
: func(state ConnectionState
) error
{
802 // Rather than reject the connection, Go doesn't select
803 // a protocol when there is no overlap.
804 if state
.NegotiatedProtocol
!= "" {
805 return fmt
.Errorf("Got protocol %q, wanted ''", state
.NegotiatedProtocol
)
810 runServerTestTLS12(t
, test
)
813 // TestHandshakeServerSNI involves a client sending an SNI extension of
814 // "snitest.com", which happens to match the CN of testSNICertificate. The test
815 // verifies that the server correctly selects that certificate.
816 func TestHandshakeServerSNI(t
*testing
.T
) {
819 command
: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"},
821 runServerTestTLS12(t
, test
)
824 // TestHandshakeServerSNICertForName is similar to TestHandshakeServerSNI, but
825 // tests the dynamic GetCertificate method
826 func TestHandshakeServerSNIGetCertificate(t
*testing
.T
) {
827 config
:= testConfig
.Clone()
829 // Replace the NameToCertificate map with a GetCertificate function
830 nameToCert
:= config
.NameToCertificate
831 config
.NameToCertificate
= nil
832 config
.GetCertificate
= func(clientHello
*ClientHelloInfo
) (*Certificate
, error
) {
833 cert
, _
:= nameToCert
[clientHello
.ServerName
]
837 name
: "SNI-GetCertificate",
838 command
: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"},
841 runServerTestTLS12(t
, test
)
844 // TestHandshakeServerSNICertForNameNotFound is similar to
845 // TestHandshakeServerSNICertForName, but tests to make sure that when the
846 // GetCertificate method doesn't return a cert, we fall back to what's in
847 // the NameToCertificate map.
848 func TestHandshakeServerSNIGetCertificateNotFound(t
*testing
.T
) {
849 config
:= testConfig
.Clone()
851 config
.GetCertificate
= func(clientHello
*ClientHelloInfo
) (*Certificate
, error
) {
855 name
: "SNI-GetCertificateNotFound",
856 command
: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"},
859 runServerTestTLS12(t
, test
)
862 // TestHandshakeServerSNICertForNameError tests to make sure that errors in
863 // GetCertificate result in a tls alert.
864 func TestHandshakeServerSNIGetCertificateError(t
*testing
.T
) {
865 const errMsg
= "TestHandshakeServerSNIGetCertificateError error"
867 serverConfig
:= testConfig
.Clone()
868 serverConfig
.GetCertificate
= func(clientHello
*ClientHelloInfo
) (*Certificate
, error
) {
869 return nil, errors
.New(errMsg
)
872 clientHello
:= &clientHelloMsg
{
874 cipherSuites
: []uint16{TLS_RSA_WITH_RC4_128_SHA
},
875 compressionMethods
: []uint8{compressionNone
},
878 testClientHelloFailure(t
, serverConfig
, clientHello
, errMsg
)
881 // TestHandshakeServerEmptyCertificates tests that GetCertificates is called in
882 // the case that Certificates is empty, even without SNI.
883 func TestHandshakeServerEmptyCertificates(t
*testing
.T
) {
884 const errMsg
= "TestHandshakeServerEmptyCertificates error"
886 serverConfig
:= testConfig
.Clone()
887 serverConfig
.GetCertificate
= func(clientHello
*ClientHelloInfo
) (*Certificate
, error
) {
888 return nil, errors
.New(errMsg
)
890 serverConfig
.Certificates
= nil
892 clientHello
:= &clientHelloMsg
{
894 cipherSuites
: []uint16{TLS_RSA_WITH_RC4_128_SHA
},
895 compressionMethods
: []uint8{compressionNone
},
897 testClientHelloFailure(t
, serverConfig
, clientHello
, errMsg
)
899 // With an empty Certificates and a nil GetCertificate, the server
900 // should always return a “no certificates” error.
901 serverConfig
.GetCertificate
= nil
903 clientHello
= &clientHelloMsg
{
905 cipherSuites
: []uint16{TLS_RSA_WITH_RC4_128_SHA
},
906 compressionMethods
: []uint8{compressionNone
},
908 testClientHelloFailure(t
, serverConfig
, clientHello
, "no certificates")
911 // TestCipherSuiteCertPreferance ensures that we select an RSA ciphersuite with
912 // an RSA certificate and an ECDSA ciphersuite with an ECDSA certificate.
913 func TestCipherSuiteCertPreferenceECDSA(t
*testing
.T
) {
914 config
:= testConfig
.Clone()
915 config
.CipherSuites
= []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
}
916 config
.PreferServerCipherSuites
= true
919 name
: "CipherSuiteCertPreferenceRSA",
922 runServerTestTLS12(t
, test
)
924 config
= testConfig
.Clone()
925 config
.CipherSuites
= []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
}
926 config
.Certificates
= []Certificate
{
928 Certificate
: [][]byte{testECDSACertificate
},
929 PrivateKey
: testECDSAPrivateKey
,
932 config
.BuildNameToCertificate()
933 config
.PreferServerCipherSuites
= true
936 name
: "CipherSuiteCertPreferenceECDSA",
939 runServerTestTLS12(t
, test
)
942 func TestResumption(t
*testing
.T
) {
943 sessionFilePath
:= tempFile("")
944 defer os
.Remove(sessionFilePath
)
948 command
: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_out", sessionFilePath
},
950 runServerTestTLS12(t
, test
)
954 command
: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_in", sessionFilePath
},
956 runServerTestTLS12(t
, test
)
959 func TestResumptionDisabled(t
*testing
.T
) {
960 sessionFilePath
:= tempFile("")
961 defer os
.Remove(sessionFilePath
)
963 config
:= testConfig
.Clone()
966 name
: "IssueTicketPreDisable",
967 command
: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_out", sessionFilePath
},
970 runServerTestTLS12(t
, test
)
972 config
.SessionTicketsDisabled
= true
975 name
: "ResumeDisabled",
976 command
: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_in", sessionFilePath
},
979 runServerTestTLS12(t
, test
)
981 // One needs to manually confirm that the handshake in the golden data
982 // file for ResumeDisabled does not include a resumption handshake.
985 func TestFallbackSCSV(t
*testing
.T
) {
986 serverConfig
:= Config
{
987 Certificates
: testConfig
.Certificates
,
990 name
: "FallbackSCSV",
991 config
: &serverConfig
,
992 // OpenSSL 1.0.1j is needed for the -fallback_scsv option.
993 command
: []string{"openssl", "s_client", "-fallback_scsv"},
994 expectHandshakeErrorIncluding
: "inappropriate protocol fallback",
996 runServerTestTLS11(t
, test
)
999 // clientCertificatePEM and clientKeyPEM were generated with generate_cert.go
1000 // Thus, they have no ExtKeyUsage fields and trigger an error when verification
1003 const clientCertificatePEM
= `
1004 -----BEGIN CERTIFICATE-----
1005 MIIB7zCCAVigAwIBAgIQXBnBiWWDVW/cC8m5k5/pvDANBgkqhkiG9w0BAQsFADAS
1006 MRAwDgYDVQQKEwdBY21lIENvMB4XDTE2MDgxNzIxNTIzMVoXDTE3MDgxNzIxNTIz
1007 MVowEjEQMA4GA1UEChMHQWNtZSBDbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
1008 gYEAum+qhr3Pv5/y71yUYHhv6BPy0ZZvzdkybiI3zkH5yl0prOEn2mGi7oHLEMff
1009 NFiVhuk9GeZcJ3NgyI14AvQdpJgJoxlwaTwlYmYqqyIjxXuFOE8uCXMyp70+m63K
1010 hAfmDzr/d8WdQYUAirab7rCkPy1MTOZCPrtRyN1IVPQMjkcCAwEAAaNGMEQwDgYD
1011 VR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAw
1012 DwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOBgQBGq0Si+yhU+Fpn+GKU
1013 8ZqyGJ7ysd4dfm92lam6512oFmyc9wnTN+RLKzZ8Aa1B0jLYw9KT+RBrjpW5LBeK
1014 o0RIvFkTgxYEiKSBXCUNmAysEbEoVr4dzWFihAm/1oDGRY2CLLTYg5vbySK3KhIR
1015 e/oCO8HJ/+rJnahJ05XX1Q7lNQ==
1016 -----END CERTIFICATE-----`
1018 const clientKeyPEM
= `
1019 -----BEGIN RSA PRIVATE KEY-----
1020 MIICXQIBAAKBgQC6b6qGvc+/n/LvXJRgeG/oE/LRlm/N2TJuIjfOQfnKXSms4Sfa
1021 YaLugcsQx980WJWG6T0Z5lwnc2DIjXgC9B2kmAmjGXBpPCViZiqrIiPFe4U4Ty4J
1022 czKnvT6brcqEB+YPOv93xZ1BhQCKtpvusKQ/LUxM5kI+u1HI3UhU9AyORwIDAQAB
1023 AoGAEJZ03q4uuMb7b26WSQsOMeDsftdatT747LGgs3pNRkMJvTb/O7/qJjxoG+Mc
1024 qeSj0TAZXp+PXXc3ikCECAc+R8rVMfWdmp903XgO/qYtmZGCorxAHEmR80SrfMXv
1025 PJnznLQWc8U9nphQErR+tTESg7xWEzmFcPKwnZd1xg8ERYkCQQDTGtrFczlB2b/Z
1026 9TjNMqUlMnTLIk/a/rPE2fLLmAYhK5sHnJdvDURaH2mF4nso0EGtENnTsh6LATnY
1027 dkrxXGm9AkEA4hXHG2q3MnhgK1Z5hjv+Fnqd+8bcbII9WW4flFs15EKoMgS1w/PJ
1028 zbsySaSy5IVS8XeShmT9+3lrleed4sy+UwJBAJOOAbxhfXP5r4+5R6ql66jES75w
1029 jUCVJzJA5ORJrn8g64u2eGK28z/LFQbv9wXgCwfc72R468BdawFSLa/m2EECQGbZ
1030 rWiFla26IVXV0xcD98VWJsTBZMlgPnSOqoMdM1kSEd4fUmlAYI/dFzV1XYSkOmVr
1031 FhdZnklmpVDeu27P4c0CQQCuCOup0FlJSBpWY1TTfun/KMBkBatMz0VMA3d7FKIU
1032 csPezl677Yjo8u1r/KzeI6zLg87Z8E6r6ZWNc9wBSZK6
1033 -----END RSA PRIVATE KEY-----`
1035 const clientECDSACertificatePEM
= `
1036 -----BEGIN CERTIFICATE-----
1037 MIIB/DCCAV4CCQCaMIRsJjXZFzAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
1038 EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0
1039 eSBMdGQwHhcNMTIxMTE0MTMyNTUzWhcNMjIxMTEyMTMyNTUzWjBBMQswCQYDVQQG
1040 EwJBVTEMMAoGA1UECBMDTlNXMRAwDgYDVQQHEwdQeXJtb250MRIwEAYDVQQDEwlK
1041 b2VsIFNpbmcwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACVjJF1FMBexFe01MNv
1042 ja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd3kfDdq0Z9kUs
1043 jLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx+U56jb0JuK7q
1044 ixgnTy5w/hOWusPTQBbNZU6sER7m8TAJBgcqhkjOPQQBA4GMADCBiAJCAOAUxGBg
1045 C3JosDJdYUoCdFzCgbkWqD8pyDbHgf9stlvZcPE4O1BIKJTLCRpS8V3ujfK58PDa
1046 2RU6+b0DeoeiIzXsAkIBo9SKeDUcSpoj0gq+KxAxnZxfvuiRs9oa9V2jI/Umi0Vw
1047 jWVim34BmT0Y9hCaOGGbLlfk+syxis7iI6CH8OFnUes=
1048 -----END CERTIFICATE-----`
1050 const clientECDSAKeyPEM
= `
1051 -----BEGIN EC PARAMETERS-----
1053 -----END EC PARAMETERS-----
1054 -----BEGIN EC PRIVATE KEY-----
1055 MIHcAgEBBEIBkJN9X4IqZIguiEVKMqeBUP5xtRsEv4HJEtOpOGLELwO53SD78Ew8
1056 k+wLWoqizS3NpQyMtrU8JFdWfj+C57UNkOugBwYFK4EEACOhgYkDgYYABACVjJF1
1057 FMBexFe01MNvja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd
1058 3kfDdq0Z9kUsjLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx
1059 +U56jb0JuK7qixgnTy5w/hOWusPTQBbNZU6sER7m8Q==
1060 -----END EC PRIVATE KEY-----`
1062 func TestClientAuth(t
*testing
.T
) {
1064 var certPath
, keyPath
, ecdsaCertPath
, ecdsaKeyPath
string
1067 certPath
= tempFile(clientCertificatePEM
)
1068 defer os
.Remove(certPath
)
1069 keyPath
= tempFile(clientKeyPEM
)
1070 defer os
.Remove(keyPath
)
1071 ecdsaCertPath
= tempFile(clientECDSACertificatePEM
)
1072 defer os
.Remove(ecdsaCertPath
)
1073 ecdsaKeyPath
= tempFile(clientECDSAKeyPEM
)
1074 defer os
.Remove(ecdsaKeyPath
)
1077 config
:= testConfig
.Clone()
1078 config
.ClientAuth
= RequestClientCert
1080 test
:= &serverTest
{
1081 name
: "ClientAuthRequestedNotGiven",
1082 command
: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"},
1085 runServerTestTLS12(t
, test
)
1088 name
: "ClientAuthRequestedAndGiven",
1089 command
: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-cert", certPath
, "-key", keyPath
},
1091 expectedPeerCerts
: []string{clientCertificatePEM
},
1093 runServerTestTLS12(t
, test
)
1096 name
: "ClientAuthRequestedAndECDSAGiven",
1097 command
: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-cert", ecdsaCertPath
, "-key", ecdsaKeyPath
},
1099 expectedPeerCerts
: []string{clientECDSACertificatePEM
},
1101 runServerTestTLS12(t
, test
)
1104 func TestSNIGivenOnFailure(t
*testing
.T
) {
1105 const expectedServerName
= "test.testing"
1107 clientHello
:= &clientHelloMsg
{
1109 cipherSuites
: []uint16{TLS_RSA_WITH_RC4_128_SHA
},
1110 compressionMethods
: []uint8{compressionNone
},
1111 serverName
: expectedServerName
,
1114 serverConfig
:= testConfig
.Clone()
1115 // Erase the server's cipher suites to ensure the handshake fails.
1116 serverConfig
.CipherSuites
= nil
1120 cli
:= Client(c
, testConfig
)
1121 cli
.vers
= clientHello
.vers
1122 cli
.writeRecord(recordTypeHandshake
, clientHello
.marshal())
1125 hs
:= serverHandshakeState
{
1126 c
: Server(s
, serverConfig
),
1128 _
, err
:= hs
.readClientHello()
1132 t
.Error("No error reported from server")
1135 cs
:= hs
.c
.ConnectionState()
1136 if cs
.HandshakeComplete
{
1137 t
.Error("Handshake registered as complete")
1140 if cs
.ServerName
!= expectedServerName
{
1141 t
.Errorf("Expected ServerName of %q, but got %q", expectedServerName
, cs
.ServerName
)
1145 var getConfigForClientTests
= []struct {
1146 setup
func(config
*Config
)
1147 callback
func(clientHello
*ClientHelloInfo
) (*Config
, error
)
1148 errorSubstring
string
1149 verify
func(config
*Config
) error
1153 func(clientHello
*ClientHelloInfo
) (*Config
, error
) {
1161 func(clientHello
*ClientHelloInfo
) (*Config
, error
) {
1162 return nil, errors
.New("should bubble up")
1169 func(clientHello
*ClientHelloInfo
) (*Config
, error
) {
1170 config
:= testConfig
.Clone()
1171 // Setting a maximum version of TLS 1.1 should cause
1172 // the handshake to fail.
1173 config
.MaxVersion
= VersionTLS11
1176 "version 301 when expecting version 302",
1180 func(config
*Config
) {
1181 for i
:= range config
.SessionTicketKey
{
1182 config
.SessionTicketKey
[i
] = byte(i
)
1184 config
.sessionTicketKeys
= nil
1186 func(clientHello
*ClientHelloInfo
) (*Config
, error
) {
1187 config
:= testConfig
.Clone()
1188 for i
:= range config
.SessionTicketKey
{
1189 config
.SessionTicketKey
[i
] = 0
1191 config
.sessionTicketKeys
= nil
1195 func(config
*Config
) error
{
1196 // The value of SessionTicketKey should have been
1197 // duplicated into the per-connection Config.
1198 for i
:= range config
.SessionTicketKey
{
1199 if b
:= config
.SessionTicketKey
[i
]; b
!= byte(i
) {
1200 return fmt
.Errorf("SessionTicketKey was not duplicated from original Config: byte %d has value %d", i
, b
)
1207 func(config
*Config
) {
1208 var dummyKey
[32]byte
1209 for i
:= range dummyKey
{
1210 dummyKey
[i
] = byte(i
)
1213 config
.SetSessionTicketKeys([][32]byte{dummyKey
})
1215 func(clientHello
*ClientHelloInfo
) (*Config
, error
) {
1216 config
:= testConfig
.Clone()
1217 config
.sessionTicketKeys
= nil
1221 func(config
*Config
) error
{
1222 // The session ticket keys should have been duplicated
1223 // into the per-connection Config.
1224 if l
:= len(config
.sessionTicketKeys
); l
!= 1 {
1225 return fmt
.Errorf("got len(sessionTicketKeys) == %d, wanted 1", l
)
1232 func TestGetConfigForClient(t
*testing
.T
) {
1233 serverConfig
:= testConfig
.Clone()
1234 clientConfig
:= testConfig
.Clone()
1235 clientConfig
.MinVersion
= VersionTLS12
1237 for i
, test
:= range getConfigForClientTests
{
1238 if test
.setup
!= nil {
1239 test
.setup(serverConfig
)
1242 var configReturned
*Config
1243 serverConfig
.GetConfigForClient
= func(clientHello
*ClientHelloInfo
) (*Config
, error
) {
1244 config
, err
:= test
.callback(clientHello
)
1245 configReturned
= config
1249 done
:= make(chan error
)
1253 done
<- Server(s
, serverConfig
).Handshake()
1256 clientErr
:= Client(c
, clientConfig
).Handshake()
1261 if len(test
.errorSubstring
) == 0 {
1262 if serverErr
!= nil || clientErr
!= nil {
1263 t
.Errorf("test[%d]: expected no error but got serverErr: %q, clientErr: %q", i
, serverErr
, clientErr
)
1265 if test
.verify
!= nil {
1266 if err
:= test
.verify(configReturned
); err
!= nil {
1267 t
.Errorf("test[%d]: verify returned error: %v", i
, err
)
1271 if serverErr
== nil {
1272 t
.Errorf("test[%d]: expected error containing %q but got no error", i
, test
.errorSubstring
)
1273 } else if !strings
.Contains(serverErr
.Error(), test
.errorSubstring
) {
1274 t
.Errorf("test[%d]: expected error to contain %q but it was %q", i
, test
.errorSubstring
, serverErr
)
1280 func bigFromString(s
string) *big
.Int
{
1282 ret
.SetString(s
, 10)
1286 func fromHex(s
string) []byte {
1287 b
, _
:= hex
.DecodeString(s
)
1291 var testRSACertificate
= fromHex("3082024b308201b4a003020102020900e8f09d3fe25beaa6300d06092a864886f70d01010b0500301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f74301e170d3136303130313030303030305a170d3235303130313030303030305a301a310b3009060355040a1302476f310b300906035504031302476f30819f300d06092a864886f70d010101050003818d0030818902818100db467d932e12270648bc062821ab7ec4b6a25dfe1e5245887a3647a5080d92425bc281c0be97799840fb4f6d14fd2b138bc2a52e67d8d4099ed62238b74a0b74732bc234f1d193e596d9747bf3589f6c613cc0b041d4d92b2b2423775b1c3bbd755dce2054cfa163871d1e24c4f31d1a508baab61443ed97a77562f414c852d70203010001a38193308190300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d130101ff0402300030190603551d0e041204109f91161f43433e49a6de6db680d79f60301b0603551d230414301280104813494d137e1631bba301d5acab6e7b30190603551d1104123010820e6578616d706c652e676f6c616e67300d06092a864886f70d01010b0500038181009d30cc402b5b50a061cbbae55358e1ed8328a9581aa938a495a1ac315a1a84663d43d32dd90bf297dfd320643892243a00bccf9c7db74020015faad3166109a276fd13c3cce10c5ceeb18782f16c04ed73bbb343778d0c1cf10fa1d8408361c94c722b9daedb4606064df4c1b33ec0d1bd42d4dbfe3d1360845c21d33be9fae7")
1293 var testRSACertificateIssuer
= fromHex("3082021930820182a003020102020900ca5e4e811a965964300d06092a864886f70d01010b0500301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f74301e170d3136303130313030303030305a170d3235303130313030303030305a301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f7430819f300d06092a864886f70d010101050003818d0030818902818100d667b378bb22f34143b6cd2008236abefaf2852adf3ab05e01329e2c14834f5105df3f3073f99dab5442d45ee5f8f57b0111c8cb682fbb719a86944eebfffef3406206d898b8c1b1887797c9c5006547bb8f00e694b7a063f10839f269f2c34fff7a1f4b21fbcd6bfdfb13ac792d1d11f277b5c5b48600992203059f2a8f8cc50203010001a35d305b300e0603551d0f0101ff040403020204301d0603551d250416301406082b0601050507030106082b06010505070302300f0603551d130101ff040530030101ff30190603551d0e041204104813494d137e1631bba301d5acab6e7b300d06092a864886f70d01010b050003818100c1154b4bab5266221f293766ae4138899bd4c5e36b13cee670ceeaa4cbdf4f6679017e2fe649765af545749fe4249418a56bd38a04b81e261f5ce86b8d5c65413156a50d12449554748c59a30c515bc36a59d38bddf51173e899820b282e40aa78c806526fd184fb6b4cf186ec728edffa585440d2b3225325f7ab580e87dd76")
1295 var testECDSACertificate
= fromHex("3082020030820162020900b8bf2d47a0d2ebf4300906072a8648ce3d04013045310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c7464301e170d3132313132323135303633325a170d3232313132303135303633325a3045310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c746430819b301006072a8648ce3d020106052b81040023038186000400c4a1edbe98f90b4873367ec316561122f23d53c33b4d213dcd6b75e6f6b0dc9adf26c1bcb287f072327cb3642f1c90bcea6823107efee325c0483a69e0286dd33700ef0462dd0da09c706283d881d36431aa9e9731bd96b068c09b23de76643f1a5c7fe9120e5858b65f70dd9bd8ead5d7f5d5ccb9b69f30665b669a20e227e5bffe3b300906072a8648ce3d040103818c0030818802420188a24febe245c5487d1bacf5ed989dae4770c05e1bb62fbdf1b64db76140d311a2ceee0b7e927eff769dc33b7ea53fcefa10e259ec472d7cacda4e970e15a06fd00242014dfcbe67139c2d050ebd3fa38c25c13313830d9406bbd4377af6ec7ac9862eddd711697f857c56defb31782be4c7780daecbbe9e4e3624317b6a0f399512078f2a")
1297 var testSNICertificate
= fromHex("0441883421114c81480804c430820237308201a0a003020102020900e8f09d3fe25beaa6300d06092a864886f70d01010b0500301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f74301e170d3136303130313030303030305a170d3235303130313030303030305a3023310b3009060355040a1302476f311430120603550403130b736e69746573742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100db467d932e12270648bc062821ab7ec4b6a25dfe1e5245887a3647a5080d92425bc281c0be97799840fb4f6d14fd2b138bc2a52e67d8d4099ed62238b74a0b74732bc234f1d193e596d9747bf3589f6c613cc0b041d4d92b2b2423775b1c3bbd755dce2054cfa163871d1e24c4f31d1a508baab61443ed97a77562f414c852d70203010001a3773075300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d130101ff0402300030190603551d0e041204109f91161f43433e49a6de6db680d79f60301b0603551d230414301280104813494d137e1631bba301d5acab6e7b300d06092a864886f70d01010b0500038181007beeecff0230dbb2e7a334af65430b7116e09f327c3bbf918107fc9c66cb497493207ae9b4dbb045cb63d605ec1b5dd485bb69124d68fa298dc776699b47632fd6d73cab57042acb26f083c4087459bc5a3bb3ca4d878d7fe31016b7bc9a627438666566e3389bfaeebe6becc9a0093ceed18d0f9ac79d56f3a73f18188988ed")
1299 var testRSAPrivateKey
= &rsa
.PrivateKey
{
1300 PublicKey
: rsa
.PublicKey
{
1301 N
: bigFromString("153980389784927331788354528594524332344709972855165340650588877572729725338415474372475094155672066328274535240275856844648695200875763869073572078279316458648124537905600131008790701752441155668003033945258023841165089852359980273279085783159654751552359397986180318708491098942831252291841441726305535546071"),
1304 D
: bigFromString("7746362285745539358014631136245887418412633787074173796862711588221766398229333338511838891484974940633857861775630560092874987828057333663969469797013996401149696897591265769095952887917296740109742927689053276850469671231961384712725169432413343763989564437170644270643461665184965150423819594083121075825"),
1306 bigFromString("13299275414352936908236095374926261633419699590839189494995965049151460173257838079863316944311313904000258169883815802963543635820059341150014695560313417"),
1307 bigFromString("11578103692682951732111718237224894755352163854919244905974423810539077224889290605729035287537520656160688625383765857517518932447378594964220731750802463"),
1311 var testECDSAPrivateKey
= &ecdsa
.PrivateKey
{
1312 PublicKey
: ecdsa
.PublicKey
{
1313 Curve
: elliptic
.P521(),
1314 X
: bigFromString("2636411247892461147287360222306590634450676461695221912739908880441342231985950069527906976759812296359387337367668045707086543273113073382714101597903639351"),
1315 Y
: bigFromString("3204695818431246682253994090650952614555094516658732116404513121125038617915183037601737180082382202488628239201196033284060130040574800684774115478859677243"),
1317 D
: bigFromString("5477294338614160138026852784385529180817726002953041720191098180813046231640184669647735805135001309477695746518160084669446643325196003346204701381388769751"),