(t *testing.T)
| 357 | } |
| 358 | |
| 359 | func TestDownloadTLSWithRedirect(t *testing.T) { |
| 360 | cd := "../../testdata" |
| 361 | srv2Resp := "hello" |
| 362 | insecureSkipTLSVerify := false |
| 363 | |
| 364 | // Server 2 that will actually fulfil the request. |
| 365 | ca, pub, priv := filepath.Join(cd, "rootca.crt"), filepath.Join(cd, "localhost-crt.pem"), filepath.Join(cd, "key.pem") |
| 366 | tlsConf, err := tlsutil.NewTLSConfig( |
| 367 | tlsutil.WithCAFile(ca), |
| 368 | tlsutil.WithCertKeyPairFiles(pub, priv), |
| 369 | tlsutil.WithInsecureSkipVerify(insecureSkipTLSVerify), |
| 370 | ) |
| 371 | |
| 372 | if err != nil { |
| 373 | t.Fatal(fmt.Errorf("can't create TLS config for client: %w", err)) |
| 374 | } |
| 375 | |
| 376 | tlsSrv2 := httptest.NewUnstartedServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { |
| 377 | rw.Header().Set("Content-Type", "text/plain") |
| 378 | rw.Write([]byte(srv2Resp)) |
| 379 | })) |
| 380 | |
| 381 | tlsSrv2.TLS = tlsConf |
| 382 | tlsSrv2.StartTLS() |
| 383 | defer tlsSrv2.Close() |
| 384 | |
| 385 | // Server 1 responds with a redirect to Server 2. |
| 386 | ca, pub, priv = filepath.Join(cd, "rootca.crt"), filepath.Join(cd, "crt.pem"), filepath.Join(cd, "key.pem") |
| 387 | tlsConf, err = tlsutil.NewTLSConfig( |
| 388 | tlsutil.WithCAFile(ca), |
| 389 | tlsutil.WithCertKeyPairFiles(pub, priv), |
| 390 | tlsutil.WithInsecureSkipVerify(insecureSkipTLSVerify), |
| 391 | ) |
| 392 | |
| 393 | if err != nil { |
| 394 | t.Fatal(fmt.Errorf("can't create TLS config for client: %w", err)) |
| 395 | } |
| 396 | |
| 397 | tlsSrv1 := httptest.NewUnstartedServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { |
| 398 | u, _ := url.ParseRequestURI(tlsSrv2.URL) |
| 399 | |
| 400 | // Make the request using the hostname 'localhost' (to which 'localhost-crt.pem' is issued) |
| 401 | // to verify that a successful TLS connection is made even if the client doesn't specify |
| 402 | // the hostname (SNI) in `tls.Config.ServerName`. By default the hostname is derived from the |
| 403 | // request URL for every request (including redirects). Setting `tls.Config.ServerName` on the |
| 404 | // client just overrides the remote endpoint's hostname. |
| 405 | // See https://github.com/golang/go/blob/3979fb9/src/net/http/transport.go#L1505-L1513. |
| 406 | u.Host = "localhost:" + u.Port() |
| 407 | |
| 408 | http.Redirect(rw, r, u.String(), http.StatusTemporaryRedirect) |
| 409 | })) |
| 410 | |
| 411 | tlsSrv1.TLS = tlsConf |
| 412 | tlsSrv1.StartTLS() |
| 413 | defer tlsSrv1.Close() |
| 414 | |
| 415 | u, _ := url.ParseRequestURI(tlsSrv1.URL) |
| 416 |