This commit was manufactured by cvs2git to create tag 'bluhm_20191119'.bluhm_20191119

author: cvs2svn <admin@example.com> 2019-11-19 19:57:05 +0000
committer: cvs2svn <admin@example.com> 2019-11-19 19:57:05 +0000
commit: e9f9eb6198f1757b7c0dfef043fadf1fa8243022 (patch)
tree: b5a648f6ccaf6c1cd9915ddb45503d1fccfeba0e /src/regress/lib/libtls/gotls
parent: ab72e3a6f7e8d5c71bbba034410468781d5923b6 (diff)
download: openbsd-bluhm_20191119.tar.gz
openbsd-bluhm_20191119.tar.bz2
openbsd-bluhm_20191119.zip
3 files changed, 0 insertions, 798 deletions
diff --git a/src/regress/lib/libtls/gotls/Makefile b/src/regress/lib/libtls/gotls/Makefile
deleted file mode 100644
index ceb9e5ab0a..0000000000
--- a/src/regress/lib/libtls/gotls/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
-#       $OpenBSD: Makefile,v 1.3 2019/04/24 22:45:54 bluhm Exp $
-.if ! (make(clean) || make(cleandir) || make(obj))
-GO_VERSION != sh -c "(go version) 2>/dev/null || true"
-.endif
-.if empty(GO_VERSION)
-regress:
-        @echo package go is required for this regress
-        @echo SKIPPED
-.endif
-REGRESS_TARGETS=regress-gotls
-regress-gotls:
-        cd ${.CURDIR} && go test -test.v .
-.include <bsd.regress.mk>
diff --git a/src/regress/lib/libtls/gotls/tls.go b/src/regress/lib/libtls/gotls/tls.go
deleted file mode 100644
index dbd3b717b0..0000000000
--- a/src/regress/lib/libtls/gotls/tls.go
+++ /dev/null
@@ -1,351 +0,0 @@
-// Package tls provides a Go interface to the libtls library.
-package tls
-/*
-#cgo LDFLAGS: -ltls -lssl -lcrypto
-#include <stdlib.h>
-#include <tls.h>
-typedef void *tls;
-*/
-import "C"
-import (
-        "errors"
-        "fmt"
-        "time"
-        "unsafe"
-)
-var (
-        errWantPollIn  = errors.New("want poll in")
-        errWantPollOut = errors.New("want poll out")
-)
-// ProtocolVersion represents a TLS protocol version.
-type ProtocolVersion uint32
-// String returns the string representation of a protocol version.
-func (pv ProtocolVersion) String() string {
-        name, ok := protocolNames[pv]
-        if !ok {
-                return fmt.Sprintf("unknown protocol version %x", uint32(pv))
-        }
-        return name
-}
-const (
-        ProtocolTLSv10 ProtocolVersion = C.TLS_PROTOCOL_TLSv1_0
-        ProtocolTLSv11 ProtocolVersion = C.TLS_PROTOCOL_TLSv1_1
-        ProtocolTLSv12 ProtocolVersion = C.TLS_PROTOCOL_TLSv1_2
-        ProtocolsAll   ProtocolVersion = C.TLS_PROTOCOLS_ALL
-)
-var protocolNames = map[ProtocolVersion]string{
-        ProtocolTLSv10: "TLSv1",
-        ProtocolTLSv11: "TLSv1.1",
-        ProtocolTLSv12: "TLSv1.2",
-        ProtocolsAll:   "all",
-}
-// ProtocolVersionFromString returns the protocol version with the given name.
-func ProtocolVersionFromString(version string) (ProtocolVersion, error) {
-        for proto, name := range protocolNames {
-                if version == name {
-                        return proto, nil
-                }
-        }
-        return 0, fmt.Errorf("unknown protocol version %q", version)
-}
-// TLSConfig provides configuration options for a TLS context.
-type TLSConfig struct {
-        tlsCfg *C.struct_tls_config
-}
-// TLS encapsulates the TLS context.
-type TLS struct {
-        cfg *TLSConfig
-        ctx *C.struct_tls
-}
-// Init initialises the TLS library.
-func Init() error {
-        if C.tls_init() != 0 {
-                return errors.New("initialisation failed")
-        }
-        return nil
-}
-// NewConfig returns a new TLS configuration.
-func NewConfig() (*TLSConfig, error) {
-        cfg := C.tls_config_new()
-        if cfg == nil {
-                return nil, errors.New("failed to allocate config")
-        }
-        return &TLSConfig{
-                tlsCfg: cfg,
-        }, nil
-}
-// Error returns the error message from the TLS configuration.
-func (c *TLSConfig) Error() error {
-        if msg := C.tls_config_error(c.tlsCfg); msg != nil {
-                return errors.New(C.GoString(msg))
-        }
-        return errors.New("unknown error")
-}
-// SetCAFile sets the CA file to be used for connections.
-func (c *TLSConfig) SetCAFile(filename string) error {
-        caFile := C.CString(filename)
-        defer C.free(unsafe.Pointer(caFile))
-        if C.tls_config_set_ca_file(c.tlsCfg, caFile) != 0 {
-                return c.Error()
-        }
-        return nil
-}
-// SetCiphers sets the cipher suites enabled for the connection.
-func (c *TLSConfig) SetCiphers(ciphers string) error {
-        cipherStr := C.CString(ciphers)
-        defer C.free(unsafe.Pointer(cipherStr))
-        if C.tls_config_set_ciphers(c.tlsCfg, cipherStr) != 0 {
-                return c.Error()
-        }
-        return nil
-}
-// SetProtocols sets the protocol versions enabled for the connection.
-func (c *TLSConfig) SetProtocols(proto ProtocolVersion) error {
-        if C.tls_config_set_protocols(c.tlsCfg, C.uint32_t(proto)) != 0 {
-                return c.Error()
-        }
-        return nil
-}
-// InsecureNoVerifyCert disables certificate verification for the connection.
-func (c *TLSConfig) InsecureNoVerifyCert() {
-        C.tls_config_insecure_noverifycert(c.tlsCfg)
-}
-// InsecureNoVerifyName disables server name verification for the connection.
-func (c *TLSConfig) InsecureNoVerifyName() {
-        C.tls_config_insecure_noverifyname(c.tlsCfg)
-}
-// SetSecure enables verification for the connection.
-func (c *TLSConfig) SetVerify() {
-        C.tls_config_verify(c.tlsCfg)
-}
-// Free frees resources associated with the TLS configuration.
-func (c *TLSConfig) Free() {
-        if c.tlsCfg == nil {
-                return
-        }
-        C.tls_config_free(c.tlsCfg)
-        c.tlsCfg = nil
-}
-// NewClient returns a new TLS client context, using the optional configuration.
-// If no configuration is specified the default configuration will be used.
-func NewClient(config *TLSConfig) (*TLS, error) {
-        var sslCfg *C.struct_tls_config
-        if config != nil {
-                sslCfg = config.tlsCfg
-        }
-        ctx := C.tls_client()
-        if ctx == nil {
-                return nil, errors.New("tls client failed")
-        }
-        if C.tls_configure(ctx, sslCfg) != 0 {
-                return nil, errors.New("tls configure failed")
-        }
-        return &TLS{
-                cfg: config,
-                ctx: ctx,
-        }, nil
-}
-// Error returns the error message from the TLS context.
-func (t *TLS) Error() error {
-        if msg := C.tls_error(t.ctx); msg != nil {
-                return errors.New(C.GoString(msg))
-        }
-        return errors.New("unknown error")
-}
-// PeerCertProvided returns whether the peer provided a certificate.
-func (t *TLS) PeerCertProvided() bool {
-        return C.tls_peer_cert_provided(t.ctx) == 1
-}
-// PeerCertContainsName checks whether the peer certificate contains
-// the specified name.
-func (t *TLS) PeerCertContainsName(name string) bool {
-        n := C.CString(name)
-        defer C.free(unsafe.Pointer(n))
-        return C.tls_peer_cert_contains_name(t.ctx, n) == 1
-}
-// PeerCertIssuer returns the issuer of the peer certificate.
-func (t *TLS) PeerCertIssuer() (string, error) {
-        issuer := C.tls_peer_cert_issuer(t.ctx)
-        if issuer == nil {
-                return "", errors.New("no issuer returned")
-        }
-        return C.GoString(issuer), nil
-}
-// PeerCertSubject returns the subject of the peer certificate.
-func (t *TLS) PeerCertSubject() (string, error) {
-        subject := C.tls_peer_cert_subject(t.ctx)
-        if subject == nil {
-                return "", errors.New("no subject returned")
-        }
-        return C.GoString(subject), nil
-}
-// PeerCertHash returns a hash of the peer certificate.
-func (t *TLS) PeerCertHash() (string, error) {
-        hash := C.tls_peer_cert_hash(t.ctx)
-        if hash == nil {
-                return "", errors.New("no hash returned")
-        }
-        return C.GoString(hash), nil
-}
-// PeerCertNotBefore returns the notBefore time from the peer
-// certificate.
-func (t *TLS) PeerCertNotBefore() (time.Time, error) {
-        notBefore := C.tls_peer_cert_notbefore(t.ctx)
-        if notBefore == -1 {
-                return time.Time{}, errors.New("no notBefore time returned")
-        }
-        return time.Unix(int64(notBefore), 0), nil
-}
-// PeerCertNotAfter returns the notAfter time from the peer
-// certificate.
-func (t *TLS) PeerCertNotAfter() (time.Time, error) {
-        notAfter := C.tls_peer_cert_notafter(t.ctx)
-        if notAfter == -1 {
-                return time.Time{}, errors.New("no notAfter time")
-        }
-        return time.Unix(int64(notAfter), 0), nil
-}
-// ConnVersion returns the protocol version of the connection.
-func (t *TLS) ConnVersion() (ProtocolVersion, error) {
-        ver := C.tls_conn_version(t.ctx)
-        if ver == nil {
-                return 0, errors.New("no connection version")
-        }
-        return ProtocolVersionFromString(C.GoString(ver))
-}
-// ConnCipher returns the cipher suite used for the connection.
-func (t *TLS) ConnCipher() (string, error) {
-        cipher := C.tls_conn_cipher(t.ctx)
-        if cipher == nil {
-                return "", errors.New("no connection cipher")
-        }
-        return C.GoString(cipher), nil
-}
-// ConnCipherStrength returns the strength in bits for the symmetric
-// cipher that is used for the connection.
-func (t *TLS) ConnCipherStrength() (int, error) {
-        strength := C.tls_conn_cipher_strength(t.ctx)
-        if strength == 0 {
-                return 0, errors.New("no connection cipher strength")
-        }
-        return int(strength), nil
-}
-// Connect attempts to establish an TLS connection to the specified host on
-// the given port. The host may optionally contain a colon separated port
-// value if the port string is specified as an empty string.
-func (t *TLS) Connect(host, port string) error {
-        h := C.CString(host)
-        var p *C.char
-        if port != "" {
-                p = C.CString(port)
-        }
-        defer C.free(unsafe.Pointer(h))
-        defer C.free(unsafe.Pointer(p))
-        if C.tls_connect(t.ctx, h, p) != 0 {
-                return t.Error()
-        }
-        return nil
-}
-// Handshake attempts to complete the TLS handshake.
-func (t *TLS) Handshake() error {
-        ret := C.tls_handshake(t.ctx)
-        switch {
-        case ret == C.TLS_WANT_POLLIN:
-                return errWantPollIn
-        case ret == C.TLS_WANT_POLLOUT:
-                return errWantPollOut
-        case ret != 0:
-                return t.Error()
-        }
-        return nil
-}
-// Read reads data the TLS connection into the given buffer.
-func (t *TLS) Read(buf []byte) (int, error) {
-        ret := C.tls_read(t.ctx, unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
-        switch {
-        case ret == C.TLS_WANT_POLLIN:
-                return -1, errWantPollIn
-        case ret == C.TLS_WANT_POLLOUT:
-                return -1, errWantPollOut
-        case ret < 0:
-                return -1, t.Error()
-        }
-        return int(ret), nil
-}
-// Write writes the given data to the TLS connection.
-func (t *TLS) Write(buf []byte) (int, error) {
-        p := C.CString(string(buf))
-        defer C.free(unsafe.Pointer(p))
-        ret := C.tls_write(t.ctx, unsafe.Pointer(p), C.size_t(len(buf)))
-        switch {
-        case ret == C.TLS_WANT_POLLIN:
-                return -1, errWantPollIn
-        case ret == C.TLS_WANT_POLLOUT:
-                return -1, errWantPollOut
-        case ret < 0:
-                return -1, t.Error()
-        }
-        return int(ret), nil
-}
-// Close closes the TLS connection.
-func (t *TLS) Close() error {
-        ret := C.tls_close(t.ctx)
-        switch {
-        case ret == C.TLS_WANT_POLLIN:
-                return errWantPollIn
-        case ret == C.TLS_WANT_POLLOUT:
-                return errWantPollOut
-        case ret != 0:
-                return t.Error()
-        }
-        return nil
-}
-// Free frees resources associated with the TLS context.
-func (t *TLS) Free() {
-        if t.ctx == nil {
-                return
-        }
-        C.tls_free(t.ctx)
-        t.ctx = nil
-}
diff --git a/src/regress/lib/libtls/gotls/tls_test.go b/src/regress/lib/libtls/gotls/tls_test.go
deleted file mode 100644
index 1a9f62eff8..0000000000
--- a/src/regress/lib/libtls/gotls/tls_test.go
+++ /dev/null
@@ -1,429 +0,0 @@
-package tls
-import (
-        "crypto/tls"
-        "encoding/pem"
-        "fmt"
-        "io/ioutil"
-        "net/http"
-        "net/http/httptest"
-        "net/url"
-        "os"
-        "strings"
-        "testing"
-        "time"
-)
-const (
-        httpContent = "Hello, TLS!"
-        certHash = "SHA256:448f628a8a65aa18560e53a80c53acb38c51b427df0334082349141147dc9bf6"
-)
-var (
-        certNotBefore = time.Unix(0, 0)
-        certNotAfter  = certNotBefore.Add(1000000 * time.Hour)
-)
-type handshakeError string
-func (he handshakeError) Error() string {
-        return string(he)
-}
-// createCAFile writes a PEM encoded version of the certificate out to a
-// temporary file, for use by libtls.
-func createCAFile(cert []byte) (string, error) {
-        f, err := ioutil.TempFile("", "tls")
-        if err != nil {
-                return "", fmt.Errorf("failed to create file: %v", err)
-        }
-        defer f.Close()
-        block := &pem.Block{
-                Type:  "CERTIFICATE",
-                Bytes: cert,
-        }
-        if err := pem.Encode(f, block); err != nil {
-                return "", fmt.Errorf("failed to encode certificate: %v", err)
-        }
-        return f.Name(), nil
-}
-func newTestServer(tlsCfg *tls.Config) (*httptest.Server, *url.URL, string, error) {
-        ts := httptest.NewUnstartedServer(
-                http.HandlerFunc(
-                        func(w http.ResponseWriter, r *http.Request) {
-                                fmt.Fprintln(w, httpContent)
-                        },
-                ),
-        )
-        ts.TLS = tlsCfg
-        ts.StartTLS()
-        u, err := url.Parse(ts.URL)
-        if err != nil {
-                return nil, nil, "", fmt.Errorf("failed to parse URL %q: %v", ts.URL, err)
-        }
-        caFile, err := createCAFile(ts.TLS.Certificates[0].Certificate[0])
-        if err != nil {
-                return nil, nil, "", fmt.Errorf("failed to create CA file: %v", err)
-        }
-        return ts, u, caFile, nil
-}
-func handshakeVersionTest(tlsCfg *tls.Config) (ProtocolVersion, error) {
-        ts, u, caFile, err := newTestServer(tlsCfg)
-        if err != nil {
-                return 0, fmt.Errorf("failed to start test server: %v", err)
-        }
-        defer os.Remove(caFile)
-        defer ts.Close()
-        if err := Init(); err != nil {
-                return 0, err
-        }
-        cfg, err := NewConfig()
-        if err != nil {
-                return 0, err
-        }
-        defer cfg.Free()
-        if err := cfg.SetCAFile(caFile); err != nil {
-                return 0, err
-        }
-        if err := cfg.SetCiphers("compat"); err != nil {
-                return 0, err
-        }
-        if err := cfg.SetProtocols(ProtocolsAll); err != nil {
-                return 0, err
-        }
-        tls, err := NewClient(cfg)
-        if err != nil {
-                return 0, err
-        }
-        defer tls.Free()
-        if err := tls.Connect(u.Host, ""); err != nil {
-                return 0, err
-        }
-        if err := tls.Handshake(); err != nil {
-                return 0, handshakeError(err.Error())
-        }
-        version, err := tls.ConnVersion()
-        if err != nil {
-                return 0, err
-        }
-        if err := tls.Close(); err != nil {
-                return 0, err
-        }
-        return version, nil
-}
-func TestTLSBasic(t *testing.T) {
-        ts, u, caFile, err := newTestServer(nil)
-        if err != nil {
-                t.Fatalf("Failed to start test server: %v", err)
-        }
-        defer os.Remove(caFile)
-        defer ts.Close()
-        if err := Init(); err != nil {
-                t.Fatal(err)
-        }
-        cfg, err := NewConfig()
-        if err != nil {
-                t.Fatal(err)
-        }
-        defer cfg.Free()
-        if err := cfg.SetCAFile(caFile); err != nil {
-                t.Fatal(err)
-        }
-        tls, err := NewClient(cfg)
-        if err != nil {
-                t.Fatal(err)
-        }
-        defer tls.Free()
-        t.Logf("Connecting to %s", u.Host)
-        if err := tls.Connect(u.Host, ""); err != nil {
-                t.Fatal(err)
-        }
-        defer func() {
-                if err := tls.Close(); err != nil {
-                        t.Fatalf("Close failed: %v", err)
-                }
-        }()
-        n, err := tls.Write([]byte("GET / HTTP/1.0\n\n"))
-        if err != nil {
-                t.Fatal(err)
-        }
-        t.Logf("Wrote %d bytes...", n)
-        buf := make([]byte, 1024)
-        n, err = tls.Read(buf)
-        if err != nil {
-                t.Fatal(err)
-        }
-        t.Logf("Read %d bytes...", n)
-        if !strings.Contains(string(buf), httpContent) {
-                t.Errorf("Response does not contain %q", httpContent)
-        }
-}
-func TestTLSVersions(t *testing.T) {
-        tests := []struct {
-                minVersion       uint16
-                maxVersion       uint16
-                wantVersion      ProtocolVersion
-                wantHandshakeErr bool
-        }{
-                {tls.VersionSSL30, tls.VersionTLS12, ProtocolTLSv12, false},
-                {tls.VersionTLS10, tls.VersionTLS12, ProtocolTLSv12, false},
-                {tls.VersionTLS11, tls.VersionTLS12, ProtocolTLSv12, false},
-                {tls.VersionSSL30, tls.VersionTLS11, ProtocolTLSv11, false},
-                {tls.VersionSSL30, tls.VersionTLS10, ProtocolTLSv10, false},
-                {tls.VersionSSL30, tls.VersionSSL30, 0, true},
-                {tls.VersionTLS10, tls.VersionTLS10, ProtocolTLSv10, false},
-                {tls.VersionTLS11, tls.VersionTLS11, ProtocolTLSv11, false},
-                {tls.VersionTLS12, tls.VersionTLS12, ProtocolTLSv12, false},
-        }
-        for i, test := range tests {
-                t.Logf("Testing handshake with protocols %x:%x", test.minVersion, test.maxVersion)
-                tlsCfg := &tls.Config{
-                        MinVersion: test.minVersion,
-                        MaxVersion: test.maxVersion,
-                }
-                version, err := handshakeVersionTest(tlsCfg)
-                switch {
-                case test.wantHandshakeErr && err == nil:
-                        t.Errorf("Test %d - handshake %x:%x succeeded, want handshake error",
-                                i, test.minVersion, test.maxVersion)
-                case test.wantHandshakeErr && err != nil:
-                        if _, ok := err.(handshakeError); !ok {
-                                t.Errorf("Test %d - handshake %x:%x; got unknown error, want handshake error: %v",
-                                        i, test.minVersion, test.maxVersion, err)
-                        }
-                case !test.wantHandshakeErr && err != nil:
-                        t.Errorf("Test %d - handshake %x:%x failed: %v", i, test.minVersion, test.maxVersion, err)
-                case !test.wantHandshakeErr && err == nil:
-                        if got, want := version, test.wantVersion; got != want {
-                                t.Errorf("Test %d - handshake %x:%x; got protocol version %v, want %v",
-                                        i, test.minVersion, test.maxVersion, got, want)
-                        }
-                }
-        }
-}
-func TestTLSSingleByteReadWrite(t *testing.T) {
-        ts, u, caFile, err := newTestServer(nil)
-        if err != nil {
-                t.Fatalf("Failed to start test server: %v", err)
-        }
-        defer os.Remove(caFile)
-        defer ts.Close()
-        if err := Init(); err != nil {
-                t.Fatal(err)
-        }
-        cfg, err := NewConfig()
-        if err != nil {
-                t.Fatal(err)
-        }
-        defer cfg.Free()
-        if err := cfg.SetCAFile(caFile); err != nil {
-                t.Fatal(err)
-        }
-        tls, err := NewClient(cfg)
-        if err != nil {
-                t.Fatal(err)
-        }
-        defer tls.Free()
-        t.Logf("Connecting to %s", u.Host)
-        if err := tls.Connect(u.Host, ""); err != nil {
-                t.Fatal(err)
-        }
-        defer func() {
-                if err := tls.Close(); err != nil {
-                        t.Fatalf("Close failed: %v", err)
-                }
-        }()
-        for _, b := range []byte("GET / HTTP/1.0\n\n") {
-                n, err := tls.Write([]byte{b})
-                if err != nil {
-                        t.Fatal(err)
-                }
-                if n != 1 {
-                        t.Fatalf("Wrote byte %v, got length %d, want 1", b, n)
-                }
-        }
-        var body []byte
-        for {
-                buf := make([]byte, 1)
-                n, err := tls.Read(buf)
-                if err != nil {
-                        t.Fatal(err)
-                }
-                if n == 0 {
-                        break
-                }
-                if n != 1 {
-                        t.Fatalf("Read single byte, got length %d, want 1", n)
-                }
-                body = append(body, buf...)
-        }
-        if !strings.Contains(string(body), httpContent) {
-                t.Errorf("Response does not contain %q", httpContent)
-        }
-}
-func TestTLSInfo(t *testing.T) {
-        ts, u, caFile, err := newTestServer(nil)
-        if err != nil {
-                t.Fatalf("Failed to start test server: %v", err)
-        }
-        defer os.Remove(caFile)
-        defer ts.Close()
-        if err := Init(); err != nil {
-                t.Fatal(err)
-        }
-        cfg, err := NewConfig()
-        if err != nil {
-                t.Fatal(err)
-        }
-        defer cfg.Free()
-        if err := cfg.SetCAFile(caFile); err != nil {
-                t.Fatal(err)
-        }
-        tls, err := NewClient(cfg)
-        if err != nil {
-                t.Fatal(err)
-        }
-        defer tls.Free()
-        t.Logf("Connecting to %s", u.Host)
-        if err := tls.Connect(u.Host, ""); err != nil {
-                t.Fatal(err)
-        }
-        defer func() {
-                if err := tls.Close(); err != nil {
-                        t.Fatalf("Close failed: %v", err)
-                }
-        }()
-        // All of these should fail since the handshake has not completed.
-        if _, err := tls.ConnVersion(); err == nil {
-                t.Error("ConnVersion() return nil error, want error")
-        }
-        if _, err := tls.ConnCipher(); err == nil {
-                t.Error("ConnCipher() return nil error, want error")
-        }
-        if _, err := tls.ConnCipherStrength(); err == nil {
-                t.Error("ConnCipherStrength() return nil error, want error")
-        }
-        if got, want := tls.PeerCertProvided(), false; got != want {
-                t.Errorf("PeerCertProvided() = %v, want %v", got, want)
-        }
-        for _, name := range []string{"127.0.0.1", "::1", "example.com"} {
-                if got, want := tls.PeerCertContainsName(name), false; got != want {
-                        t.Errorf("PeerCertContainsName(%q) = %v, want %v", name, got, want)
-                }
-        }
-        if _, err := tls.PeerCertIssuer(); err == nil {
-                t.Error("PeerCertIssuer() returned nil error, want error")
-        }
-        if _, err := tls.PeerCertSubject(); err == nil {
-                t.Error("PeerCertSubject() returned nil error, want error")
-        }
-        if _, err := tls.PeerCertHash(); err == nil {
-                t.Error("PeerCertHash() returned nil error, want error")
-        }
-        if _, err := tls.PeerCertNotBefore(); err == nil {
-                t.Error("PeerCertNotBefore() returned nil error, want error")
-        }
-        if _, err := tls.PeerCertNotAfter(); err == nil {
-                t.Error("PeerCertNotAfter() returned nil error, want error")
-        }
-        // Complete the handshake...
-        if err := tls.Handshake(); err != nil {
-                t.Fatalf("Handshake failed: %v", err)
-        }
-        if version, err := tls.ConnVersion(); err != nil {
-                t.Errorf("ConnVersion() returned error: %v", err)
-        } else {
-                t.Logf("Protocol version: %v", version)
-        }
-        if cipher, err := tls.ConnCipher(); err != nil {
-                t.Errorf("ConnCipher() returned error: %v", err)
-        } else {
-                t.Logf("Cipher: %v", cipher)
-        }
-        if strength, err := tls.ConnCipherStrength(); err != nil {
-                t.Errorf("ConnCipherStrength() return ederror: %v", err)
-        } else {
-                t.Logf("Cipher Strength: %v bits", strength)
-        }
-        if got, want := tls.PeerCertProvided(), true; got != want {
-                t.Errorf("PeerCertProvided() = %v, want %v", got, want)
-        }
-        for _, name := range []string{"127.0.0.1", "::1", "example.com"} {
-                if got, want := tls.PeerCertContainsName(name), true; got != want {
-                        t.Errorf("PeerCertContainsName(%q) = %v, want %v", name, got, want)
-                }
-        }
-        if issuer, err := tls.PeerCertIssuer(); err != nil {
-                t.Errorf("PeerCertIssuer() returned error: %v", err)
-        } else {
-                t.Logf("Issuer: %v", issuer)
-        }
-        if subject, err := tls.PeerCertSubject(); err != nil {
-                t.Errorf("PeerCertSubject() returned error: %v", err)
-        } else {
-                t.Logf("Subject: %v", subject)
-        }
-        if hash, err := tls.PeerCertHash(); err != nil {
-                t.Errorf("PeerCertHash() returned error: %v", err)
-        } else if hash != certHash {
-                t.Errorf("Got cert hash %q, want %q", hash, certHash)
-        } else {
-                t.Logf("Hash: %v", hash)
-        }
-        if notBefore, err := tls.PeerCertNotBefore(); err != nil {
-                t.Errorf("PeerCertNotBefore() returned error: %v", err)
-        } else if !certNotBefore.Equal(notBefore) {
-                t.Errorf("Got cert notBefore %v, want %v", notBefore.UTC(), certNotBefore.UTC())
-        } else {
-                t.Logf("NotBefore: %v", notBefore.UTC())
-        }
-        if notAfter, err := tls.PeerCertNotAfter(); err != nil {
-                t.Errorf("PeerCertNotAfter() returned error: %v", err)
-        } else if !certNotAfter.Equal(notAfter) {
-                t.Errorf("Got cert notAfter %v, want %v", notAfter.UTC(), certNotAfter.UTC())
-        } else {
-                t.Logf("NotAfter: %v", notAfter.UTC())
-        }
-}
author	cvs2svn <admin@example.com>	2019-11-19 19:57:05 +0000
committer	cvs2svn <admin@example.com>	2019-11-19 19:57:05 +0000
commit	e9f9eb6198f1757b7c0dfef043fadf1fa8243022 (patch)
tree	b5a648f6ccaf6c1cd9915ddb45503d1fccfeba0e /src/regress/lib/libtls/gotls
parent	ab72e3a6f7e8d5c71bbba034410468781d5923b6 (diff)
download	openbsd-bluhm_20191119.tar.gz openbsd-bluhm_20191119.tar.bz2 openbsd-bluhm_20191119.zip