diff --git a/integrationtests/self/handshake_rtt_test.go b/integrationtests/self/handshake_rtt_test.go index 48c723ed5..803ace2b0 100644 --- a/integrationtests/self/handshake_rtt_test.go +++ b/integrationtests/self/handshake_rtt_test.go @@ -107,17 +107,6 @@ var _ = Describe("Handshake RTT tests", func() { expectDurationInRTTs(4) }) - It("does version negotiation, when the server supports more versions than the client", func() { - Expect(len(protocol.SupportedVersions)).To(BeNumerically(">", 1)) - // the server doesn't support the highest supported version, which is the first one the client will try - // but it supports a bunch of versions that the client doesn't speak - serverConfig.Versions = []protocol.VersionNumber{protocol.SupportedVersions[1], 7, 8, 9} - runServerAndProxy() - _, err := quic.DialAddr(proxy.LocalAddr().String(), &tls.Config{InsecureSkipVerify: true}, nil) - Expect(err).ToNot(HaveOccurred()) - expectDurationInRTTs(4) - }) - // 1 RTT for verifying the source address // 1 RTT to become secure // TODO (marten-seemann): enable this test (see #625) @@ -160,15 +149,4 @@ var _ = Describe("Handshake RTT tests", func() { // plus 1 RTT: the timer starts 0.5 RTTs after sending the first packet, and the CONNECTION_CLOSE needs another 0.5 RTTs to reach the client expectDurationInRTTs(3) }) - - It("errors when the client doesn't accept the certificate", func() { - // don't validate the client's address, send the certificate in the first flight - serverConfig.AcceptCookie = func(_ net.Addr, _ *quic.Cookie) bool { - return true - } - runServerAndProxy() - _, err := quic.DialAddr(proxy.LocalAddr().String(), nil, nil) - Expect(err).To(MatchError(qerr.ProofInvalid)) - expectDurationInRTTs(1) - }) }) diff --git a/integrationtests/self/handshake_test.go b/integrationtests/self/handshake_test.go new file mode 100644 index 000000000..cd5b69ad7 --- /dev/null +++ b/integrationtests/self/handshake_test.go @@ -0,0 +1,109 @@ +package self + +import ( + "crypto/tls" + "fmt" + "net" + + quic "github.com/lucas-clemente/quic-go" + "github.com/lucas-clemente/quic-go/internal/protocol" + "github.com/lucas-clemente/quic-go/internal/testdata" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Handshake tests", func() { + var ( + server quic.Listener + serverConfig *quic.Config + acceptStopped chan struct{} + ) + + BeforeEach(func() { + acceptStopped = make(chan struct{}) + serverConfig = &quic.Config{} + }) + + AfterEach(func() { + Expect(server.Close()).To(Succeed()) + <-acceptStopped + }) + + runServer := func() { + var err error + // start the server + server, err = quic.ListenAddr("localhost:0", testdata.GetTLSConfig(), serverConfig) + Expect(err).ToNot(HaveOccurred()) + + go func() { + defer GinkgoRecover() + defer close(acceptStopped) + for { + _, err := server.Accept() + if err != nil { + return + } + } + }() + } + + Context("Version Negotiation", func() { + It("when the server supports more versions than the client", func() { + Expect(len(protocol.SupportedVersions)).To(BeNumerically(">", 1)) + // the server doesn't support the highest supported version, which is the first one the client will try + // but it supports a bunch of versions that the client doesn't speak + serverConfig.Versions = []protocol.VersionNumber{protocol.SupportedVersions[1], 7, 8, 9} + runServer() + _, err := quic.DialAddr(server.Addr().String(), &tls.Config{InsecureSkipVerify: true}, nil) + Expect(err).ToNot(HaveOccurred()) + }) + + It("when the client supports more versions than the supports", func() { + Expect(len(protocol.SupportedVersions)).To(BeNumerically(">", 1)) + // the server doesn't support the highest supported version, which is the first one the client will try + // but it supports a bunch of versions that the client doesn't speak + runServer() + conf := &quic.Config{ + Versions: []protocol.VersionNumber{7, 8, 9, protocol.SupportedVersions[1], 10}, + } + _, err := quic.DialAddr(server.Addr().String(), &tls.Config{InsecureSkipVerify: true}, conf) + Expect(err).ToNot(HaveOccurred()) + }) + }) + + Context("Certifiate validation", func() { + for _, v := range []protocol.VersionNumber{protocol.Version39, protocol.VersionTLS} { + version := v + + Context(fmt.Sprintf("using %s", version), func() { + var clientConfig *quic.Config + + BeforeEach(func() { + serverConfig.Versions = []protocol.VersionNumber{version} + clientConfig = &quic.Config{ + Versions: []protocol.VersionNumber{version}, + } + }) + + It("accepts the certificate", func() { + runServer() + _, err := quic.DialAddr(fmt.Sprintf("quic.clemente.io:%d", server.Addr().(*net.UDPAddr).Port), nil, clientConfig) + Expect(err).ToNot(HaveOccurred()) + }) + + It("errors if the server name doesn't match", func() { + runServer() + _, err := quic.DialAddr(fmt.Sprintf("127.0.0.1:%d", server.Addr().(*net.UDPAddr).Port), nil, clientConfig) + Expect(err).To(HaveOccurred()) + }) + + It("uses the ServerName in the tls.Config", func() { + runServer() + conf := &tls.Config{ServerName: "quic.clemente.io"} + _, err := quic.DialAddr(fmt.Sprintf("127.0.0.1:%d", server.Addr().(*net.UDPAddr).Port), conf, clientConfig) + Expect(err).ToNot(HaveOccurred()) + }) + }) + } + }) +})