luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

tlsutil: Testing VerifyServerHostname on OutgoingConfig

This commit is contained in:
Armon Dadgar 2015-05-11 15:27:09 -07:00
parent 1952083354
commit b9d640aa3b
2 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tlsutil/config.go
View File

@ -98,6 +98,10 @@ func (c *Config) KeyPair() (*tls.Certificate, error) {
// requests. It will return a nil config if this configuration should // requests. It will return a nil config if this configuration should
// not use TLS for outgoing connections. // not use TLS for outgoing connections.
func (c *Config) OutgoingTLSConfig() (*tls.Config, error) { func (c *Config) OutgoingTLSConfig() (*tls.Config, error) {
// If VerifyServerHostname is true, that implies VerifyOutgoing
if c.VerifyServerHostname {
c.VerifyOutgoing = true
}
if !c.VerifyOutgoing { if !c.VerifyOutgoing {
return nil, nil return nil, nil
} }

23
tlsutil/config_test.go
View File

@ -133,6 +133,29 @@ func TestConfig_OutgoingTLS_ServerName(t *testing.T) {
} }
} }
func TestConfig_OutgoingTLS_VerifyHostname(t *testing.T) {
conf := &Config{
VerifyServerHostname: true,
CAFile: "../test/ca/root.cer",
}
tls, err := conf.OutgoingTLSConfig()
if err != nil {
t.Fatalf("err: %v", err)
}
if tls == nil {
t.Fatalf("expected config")
}
if len(tls.RootCAs.Subjects()) != 1 {
t.Fatalf("expect root cert")
}
if tls.ServerName != "VerifyServerHostname" {
t.Fatalf("expect server name")
}
if tls.InsecureSkipVerify {
t.Fatalf("should not skip built-in verification")
}
}
func TestConfig_OutgoingTLS_WithKeyPair(t *testing.T) { func TestConfig_OutgoingTLS_WithKeyPair(t *testing.T) {
conf := &Config{ conf := &Config{
VerifyOutgoing: true, VerifyOutgoing: true,