runClientServerHandshake drives a TLS 1.3 handshake with the given curve preferences set on the client and captures the SupportedCurves list advertised by the client in its ClientHello. The helper is used by TestSupportedCurvesNegotiation to exercise the curves end-to-end against the standard library's TLS stack.
(t *testing.T, curves []tls.CurveID)
| 80 | // TestSupportedCurvesNegotiation to exercise the curves end-to-end against |
| 81 | // the standard library's TLS stack. |
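func runClientServerHandshake(t *testing.T, curves []tls.CurveID) []tls.CurveID {
	// Mark this as a helper so failures are reported at the calling test's
	// line instead of inside this function.
	t.Helper()

	// Result: the curve list observed in the ClientHello. nil is returned
	// (after recording a test error) when the client cannot be configured or
	// the request fails.
	var advertisedCurves []tls.CurveID

	ts := httptest.NewUnstartedServer(nil)
	// NOTE(review): the gosec suppression presumably covers the unset
	// MinVersion. Nothing in this config pins the protocol version; the
	// handshake is TLS 1.3 only as long as both standard-library endpoints
	// default to it. Set MinVersion: tls.VersionTLS13 if the test depends on
	// that version.
	ts.TLS = &tls.Config{ // nolint: gosec
		GetConfigForClient: func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
			// Clone so the captured list does not alias the slice owned by
			// the ClientHelloInfo.
			advertisedCurves = slices.Clone(chi.SupportedCurves)
			// A nil config tells crypto/tls to keep using the server's
			// original configuration.
			return nil, nil
		},
	}
	ts.StartTLS()
	defer ts.Close()

	// ts.Client() trusts the test server's certificate; only its curve
	// preferences are overridden, and that must happen before the first
	// request opens a connection.
	client := ts.Client()
	transport, ok := client.Transport.(*http.Transport)
	if !ok {
		t.Errorf("unexpected client transport type %T", client.Transport)
		return nil
	}
	transport.TLSClientConfig.CurvePreferences = curves

	resp, err := client.Head(ts.URL)
	if err != nil {
		t.Error(err)
		return nil
	}
	defer func() { _ = resp.Body.Close() }()

	return advertisedCurves
}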
| 103 | |
| 104 | // TestSupportedCurvesNegotiation verifies that the curves returned by |
| 105 | // GetCurvePreferences survive a real TLS handshake unchanged, i.e. the |
no test coverage detected