Source file
src/crypto/tls/quic_test.go
1
2
3
4
5 package tls
6
7 import (
8 "bytes"
9 "context"
10 "errors"
11 "reflect"
12 "strings"
13 "testing"
14 )
15
16 type testQUICConn struct {
17 t *testing.T
18 conn *QUICConn
19 readSecret map[QUICEncryptionLevel]suiteSecret
20 writeSecret map[QUICEncryptionLevel]suiteSecret
21 ticketOpts QUICSessionTicketOptions
22 onResumeSession func(*SessionState)
23 gotParams []byte
24 earlyDataRejected bool
25 complete bool
26 }
27
28 func newTestQUICClient(t *testing.T, config *QUICConfig) *testQUICConn {
29 q := &testQUICConn{
30 t: t,
31 conn: QUICClient(config),
32 }
33 t.Cleanup(func() {
34 q.conn.Close()
35 })
36 return q
37 }
38
39 func newTestQUICServer(t *testing.T, config *QUICConfig) *testQUICConn {
40 q := &testQUICConn{
41 t: t,
42 conn: QUICServer(config),
43 }
44 t.Cleanup(func() {
45 q.conn.Close()
46 })
47 return q
48 }
49
50 type suiteSecret struct {
51 suite uint16
52 secret []byte
53 }
54
55 func (q *testQUICConn) setReadSecret(level QUICEncryptionLevel, suite uint16, secret []byte) {
56 if _, ok := q.writeSecret[level]; !ok && level != QUICEncryptionLevelEarly {
57 q.t.Errorf("SetReadSecret for level %v called before SetWriteSecret", level)
58 }
59 if level == QUICEncryptionLevelApplication && !q.complete {
60 q.t.Errorf("SetReadSecret for level %v called before HandshakeComplete", level)
61 }
62 if _, ok := q.readSecret[level]; ok {
63 q.t.Errorf("SetReadSecret for level %v called twice", level)
64 }
65 if q.readSecret == nil {
66 q.readSecret = map[QUICEncryptionLevel]suiteSecret{}
67 }
68 switch level {
69 case QUICEncryptionLevelHandshake,
70 QUICEncryptionLevelEarly,
71 QUICEncryptionLevelApplication:
72 q.readSecret[level] = suiteSecret{suite, secret}
73 default:
74 q.t.Errorf("SetReadSecret for unexpected level %v", level)
75 }
76 }
77
78 func (q *testQUICConn) setWriteSecret(level QUICEncryptionLevel, suite uint16, secret []byte) {
79 if _, ok := q.writeSecret[level]; ok {
80 q.t.Errorf("SetWriteSecret for level %v called twice", level)
81 }
82 if q.writeSecret == nil {
83 q.writeSecret = map[QUICEncryptionLevel]suiteSecret{}
84 }
85 switch level {
86 case QUICEncryptionLevelHandshake,
87 QUICEncryptionLevelEarly,
88 QUICEncryptionLevelApplication:
89 q.writeSecret[level] = suiteSecret{suite, secret}
90 default:
91 q.t.Errorf("SetWriteSecret for unexpected level %v", level)
92 }
93 }
94
95 var errTransportParametersRequired = errors.New("transport parameters required")
96
97 func runTestQUICConnection(ctx context.Context, cli, srv *testQUICConn, onEvent func(e QUICEvent, src, dst *testQUICConn) bool) error {
98 a, b := cli, srv
99 for _, c := range []*testQUICConn{a, b} {
100 if !c.conn.conn.quic.started {
101 if err := c.conn.Start(ctx); err != nil {
102 return err
103 }
104 }
105 }
106 idleCount := 0
107 for {
108 e := a.conn.NextEvent()
109 if onEvent != nil && onEvent(e, a, b) {
110 continue
111 }
112 switch e.Kind {
113 case QUICNoEvent:
114 idleCount++
115 if idleCount == 2 {
116 if !a.complete || !b.complete {
117 return errors.New("handshake incomplete")
118 }
119 return nil
120 }
121 a, b = b, a
122 case QUICSetReadSecret:
123 a.setReadSecret(e.Level, e.Suite, e.Data)
124 case QUICSetWriteSecret:
125 a.setWriteSecret(e.Level, e.Suite, e.Data)
126 case QUICWriteData:
127 if err := b.conn.HandleData(e.Level, e.Data); err != nil {
128 return err
129 }
130 case QUICTransportParameters:
131 a.gotParams = e.Data
132 if a.gotParams == nil {
133 a.gotParams = []byte{}
134 }
135 case QUICTransportParametersRequired:
136 return errTransportParametersRequired
137 case QUICHandshakeDone:
138 a.complete = true
139 if a == srv {
140 if err := srv.conn.SendSessionTicket(srv.ticketOpts); err != nil {
141 return err
142 }
143 }
144 case QUICStoreSession:
145 if a != cli {
146 return errors.New("unexpected QUICStoreSession event received by server")
147 }
148 a.conn.StoreSession(e.SessionState)
149 case QUICResumeSession:
150 if a.onResumeSession != nil {
151 a.onResumeSession(e.SessionState)
152 }
153 case QUICRejectedEarlyData:
154 a.earlyDataRejected = true
155 }
156 if e.Kind != QUICNoEvent {
157 idleCount = 0
158 }
159 }
160 }
161
162 func TestQUICConnection(t *testing.T) {
163 config := &QUICConfig{TLSConfig: testConfig.Clone()}
164 config.TLSConfig.MinVersion = VersionTLS13
165
166 cli := newTestQUICClient(t, config)
167 cli.conn.SetTransportParameters(nil)
168
169 srv := newTestQUICServer(t, config)
170 srv.conn.SetTransportParameters(nil)
171
172 if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
173 t.Fatalf("error during connection handshake: %v", err)
174 }
175
176 if _, ok := cli.readSecret[QUICEncryptionLevelHandshake]; !ok {
177 t.Errorf("client has no Handshake secret")
178 }
179 if _, ok := cli.readSecret[QUICEncryptionLevelApplication]; !ok {
180 t.Errorf("client has no Application secret")
181 }
182 if _, ok := srv.readSecret[QUICEncryptionLevelHandshake]; !ok {
183 t.Errorf("server has no Handshake secret")
184 }
185 if _, ok := srv.readSecret[QUICEncryptionLevelApplication]; !ok {
186 t.Errorf("server has no Application secret")
187 }
188 for _, level := range []QUICEncryptionLevel{QUICEncryptionLevelHandshake, QUICEncryptionLevelApplication} {
189 if _, ok := cli.readSecret[level]; !ok {
190 t.Errorf("client has no %v read secret", level)
191 }
192 if _, ok := srv.readSecret[level]; !ok {
193 t.Errorf("server has no %v read secret", level)
194 }
195 if !reflect.DeepEqual(cli.readSecret[level], srv.writeSecret[level]) {
196 t.Errorf("client read secret does not match server write secret for level %v", level)
197 }
198 if !reflect.DeepEqual(cli.writeSecret[level], srv.readSecret[level]) {
199 t.Errorf("client write secret does not match server read secret for level %v", level)
200 }
201 }
202 }
203
204 func TestQUICSessionResumption(t *testing.T) {
205 clientConfig := &QUICConfig{TLSConfig: testConfig.Clone()}
206 clientConfig.TLSConfig.MinVersion = VersionTLS13
207 clientConfig.TLSConfig.ClientSessionCache = NewLRUClientSessionCache(1)
208 clientConfig.TLSConfig.ServerName = "example.go.dev"
209
210 serverConfig := &QUICConfig{TLSConfig: testConfig.Clone()}
211 serverConfig.TLSConfig.MinVersion = VersionTLS13
212
213 cli := newTestQUICClient(t, clientConfig)
214 cli.conn.SetTransportParameters(nil)
215 srv := newTestQUICServer(t, serverConfig)
216 srv.conn.SetTransportParameters(nil)
217 if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
218 t.Fatalf("error during first connection handshake: %v", err)
219 }
220 if cli.conn.ConnectionState().DidResume {
221 t.Errorf("first connection unexpectedly used session resumption")
222 }
223
224 cli2 := newTestQUICClient(t, clientConfig)
225 cli2.conn.SetTransportParameters(nil)
226 srv2 := newTestQUICServer(t, serverConfig)
227 srv2.conn.SetTransportParameters(nil)
228 if err := runTestQUICConnection(context.Background(), cli2, srv2, nil); err != nil {
229 t.Fatalf("error during second connection handshake: %v", err)
230 }
231 if !cli2.conn.ConnectionState().DidResume {
232 t.Errorf("second connection did not use session resumption")
233 }
234
235 clientConfig.TLSConfig.SessionTicketsDisabled = true
236 cli3 := newTestQUICClient(t, clientConfig)
237 cli3.conn.SetTransportParameters(nil)
238 srv3 := newTestQUICServer(t, serverConfig)
239 srv3.conn.SetTransportParameters(nil)
240 if err := runTestQUICConnection(context.Background(), cli3, srv3, nil); err != nil {
241 t.Fatalf("error during third connection handshake: %v", err)
242 }
243 if cli3.conn.ConnectionState().DidResume {
244 t.Errorf("third connection unexpectedly used session resumption")
245 }
246 }
247
248 func TestQUICFragmentaryData(t *testing.T) {
249 clientConfig := &QUICConfig{TLSConfig: testConfig.Clone()}
250 clientConfig.TLSConfig.MinVersion = VersionTLS13
251 clientConfig.TLSConfig.ClientSessionCache = NewLRUClientSessionCache(1)
252 clientConfig.TLSConfig.ServerName = "example.go.dev"
253
254 serverConfig := &QUICConfig{TLSConfig: testConfig.Clone()}
255 serverConfig.TLSConfig.MinVersion = VersionTLS13
256
257 cli := newTestQUICClient(t, clientConfig)
258 cli.conn.SetTransportParameters(nil)
259 srv := newTestQUICServer(t, serverConfig)
260 srv.conn.SetTransportParameters(nil)
261 onEvent := func(e QUICEvent, src, dst *testQUICConn) bool {
262 if e.Kind == QUICWriteData {
263
264 for i := range e.Data {
265 if err := dst.conn.HandleData(e.Level, e.Data[i:i+1]); err != nil {
266 t.Errorf("HandleData: %v", err)
267 break
268 }
269 }
270 return true
271 }
272 return false
273 }
274 if err := runTestQUICConnection(context.Background(), cli, srv, onEvent); err != nil {
275 t.Fatalf("error during first connection handshake: %v", err)
276 }
277 }
278
279 func TestQUICPostHandshakeClientAuthentication(t *testing.T) {
280
281 config := &QUICConfig{TLSConfig: testConfig.Clone()}
282 config.TLSConfig.MinVersion = VersionTLS13
283 cli := newTestQUICClient(t, config)
284 cli.conn.SetTransportParameters(nil)
285 srv := newTestQUICServer(t, config)
286 srv.conn.SetTransportParameters(nil)
287 if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
288 t.Fatalf("error during connection handshake: %v", err)
289 }
290
291 certReq := new(certificateRequestMsgTLS13)
292 certReq.ocspStapling = true
293 certReq.scts = true
294 certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms(VersionTLS13)
295 certReqBytes, err := certReq.marshal()
296 if err != nil {
297 t.Fatal(err)
298 }
299 if err := cli.conn.HandleData(QUICEncryptionLevelApplication, append([]byte{
300 byte(typeCertificateRequest),
301 byte(0), byte(0), byte(len(certReqBytes)),
302 }, certReqBytes...)); err == nil {
303 t.Fatalf("post-handshake authentication request: got no error, want one")
304 }
305 }
306
307 func TestQUICPostHandshakeKeyUpdate(t *testing.T) {
308
309 config := &QUICConfig{TLSConfig: testConfig.Clone()}
310 config.TLSConfig.MinVersion = VersionTLS13
311 cli := newTestQUICClient(t, config)
312 cli.conn.SetTransportParameters(nil)
313 srv := newTestQUICServer(t, config)
314 srv.conn.SetTransportParameters(nil)
315 if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
316 t.Fatalf("error during connection handshake: %v", err)
317 }
318
319 keyUpdate := new(keyUpdateMsg)
320 keyUpdateBytes, err := keyUpdate.marshal()
321 if err != nil {
322 t.Fatal(err)
323 }
324 expectedErr := "unexpected key update message"
325 if err = cli.conn.HandleData(QUICEncryptionLevelApplication, keyUpdateBytes); err == nil {
326 t.Fatalf("key update request: expected error from post-handshake key update, got nil")
327 } else if !strings.Contains(err.Error(), expectedErr) {
328 t.Fatalf("key update request: got error %v, expected substring %q", err, expectedErr)
329 }
330 }
331
332 func TestQUICPostHandshakeMessageTooLarge(t *testing.T) {
333 config := &QUICConfig{TLSConfig: testConfig.Clone()}
334 config.TLSConfig.MinVersion = VersionTLS13
335 cli := newTestQUICClient(t, config)
336 cli.conn.SetTransportParameters(nil)
337 srv := newTestQUICServer(t, config)
338 srv.conn.SetTransportParameters(nil)
339 if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
340 t.Fatalf("error during connection handshake: %v", err)
341 }
342
343 size := maxHandshake + 1
344 if err := cli.conn.HandleData(QUICEncryptionLevelApplication, []byte{
345 byte(typeNewSessionTicket),
346 byte(size >> 16),
347 byte(size >> 8),
348 byte(size),
349 }); err == nil {
350 t.Fatalf("%v-byte post-handshake message: got no error, want one", size)
351 }
352 }
353
354 func TestQUICHandshakeError(t *testing.T) {
355 clientConfig := &QUICConfig{TLSConfig: testConfig.Clone()}
356 clientConfig.TLSConfig.MinVersion = VersionTLS13
357 clientConfig.TLSConfig.InsecureSkipVerify = false
358 clientConfig.TLSConfig.ServerName = "name"
359
360 serverConfig := &QUICConfig{TLSConfig: testConfig.Clone()}
361 serverConfig.TLSConfig.MinVersion = VersionTLS13
362
363 cli := newTestQUICClient(t, clientConfig)
364 cli.conn.SetTransportParameters(nil)
365 srv := newTestQUICServer(t, serverConfig)
366 srv.conn.SetTransportParameters(nil)
367 err := runTestQUICConnection(context.Background(), cli, srv, nil)
368 if !errors.Is(err, AlertError(alertBadCertificate)) {
369 t.Errorf("connection handshake terminated with error %q, want alertBadCertificate", err)
370 }
371 if _, ok := errors.AsType[*CertificateVerificationError](err); !ok {
372 t.Errorf("connection handshake terminated with error %q, want CertificateVerificationError", err)
373 }
374 }
375
376
377
378
379 func TestQUICConnectionState(t *testing.T) {
380 config := &QUICConfig{TLSConfig: testConfig.Clone()}
381 config.TLSConfig.MinVersion = VersionTLS13
382 config.TLSConfig.NextProtos = []string{"h3"}
383 cli := newTestQUICClient(t, config)
384 cli.conn.SetTransportParameters(nil)
385 srv := newTestQUICServer(t, config)
386 srv.conn.SetTransportParameters(nil)
387 onEvent := func(e QUICEvent, src, dst *testQUICConn) bool {
388 cliCS := cli.conn.ConnectionState()
389 if _, ok := cli.readSecret[QUICEncryptionLevelApplication]; ok {
390 if want, got := cliCS.NegotiatedProtocol, "h3"; want != got {
391 t.Errorf("cli.ConnectionState().NegotiatedProtocol = %q, want %q", want, got)
392 }
393 }
394 srvCS := srv.conn.ConnectionState()
395 if _, ok := srv.readSecret[QUICEncryptionLevelHandshake]; ok {
396 if want, got := srvCS.NegotiatedProtocol, "h3"; want != got {
397 t.Errorf("srv.ConnectionState().NegotiatedProtocol = %q, want %q", want, got)
398 }
399 }
400 return false
401 }
402 if err := runTestQUICConnection(context.Background(), cli, srv, onEvent); err != nil {
403 t.Fatalf("error during connection handshake: %v", err)
404 }
405 }
406
407 func TestQUICStartContextPropagation(t *testing.T) {
408 const key = "key"
409 const value = "value"
410 ctx := context.WithValue(context.Background(), key, value)
411 config := &QUICConfig{TLSConfig: testConfig.Clone()}
412 config.TLSConfig.MinVersion = VersionTLS13
413 calls := 0
414 config.TLSConfig.GetConfigForClient = func(info *ClientHelloInfo) (*Config, error) {
415 calls++
416 got, _ := info.Context().Value(key).(string)
417 if got != value {
418 t.Errorf("GetConfigForClient context key %q has value %q, want %q", key, got, value)
419 }
420 return nil, nil
421 }
422 cli := newTestQUICClient(t, config)
423 cli.conn.SetTransportParameters(nil)
424 srv := newTestQUICServer(t, config)
425 srv.conn.SetTransportParameters(nil)
426 if err := runTestQUICConnection(ctx, cli, srv, nil); err != nil {
427 t.Fatalf("error during connection handshake: %v", err)
428 }
429 if calls != 1 {
430 t.Errorf("GetConfigForClient called %v times, want 1", calls)
431 }
432 }
433
434 func TestQUICDelayedTransportParameters(t *testing.T) {
435 clientConfig := &QUICConfig{TLSConfig: testConfig.Clone()}
436 clientConfig.TLSConfig.MinVersion = VersionTLS13
437 clientConfig.TLSConfig.ClientSessionCache = NewLRUClientSessionCache(1)
438 clientConfig.TLSConfig.ServerName = "example.go.dev"
439
440 serverConfig := &QUICConfig{TLSConfig: testConfig.Clone()}
441 serverConfig.TLSConfig.MinVersion = VersionTLS13
442
443 cliParams := "client params"
444 srvParams := "server params"
445
446 cli := newTestQUICClient(t, clientConfig)
447 srv := newTestQUICServer(t, serverConfig)
448 if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != errTransportParametersRequired {
449 t.Fatalf("handshake with no client parameters: %v; want errTransportParametersRequired", err)
450 }
451 cli.conn.SetTransportParameters([]byte(cliParams))
452 if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != errTransportParametersRequired {
453 t.Fatalf("handshake with no server parameters: %v; want errTransportParametersRequired", err)
454 }
455 srv.conn.SetTransportParameters([]byte(srvParams))
456 if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
457 t.Fatalf("error during connection handshake: %v", err)
458 }
459
460 if got, want := string(cli.gotParams), srvParams; got != want {
461 t.Errorf("client got transport params: %q, want %q", got, want)
462 }
463 if got, want := string(srv.gotParams), cliParams; got != want {
464 t.Errorf("server got transport params: %q, want %q", got, want)
465 }
466 }
467
468 func TestQUICEmptyTransportParameters(t *testing.T) {
469 config := &QUICConfig{TLSConfig: testConfig.Clone()}
470 config.TLSConfig.MinVersion = VersionTLS13
471
472 cli := newTestQUICClient(t, config)
473 cli.conn.SetTransportParameters(nil)
474 srv := newTestQUICServer(t, config)
475 srv.conn.SetTransportParameters(nil)
476 if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
477 t.Fatalf("error during connection handshake: %v", err)
478 }
479
480 if cli.gotParams == nil {
481 t.Errorf("client did not get transport params")
482 }
483 if srv.gotParams == nil {
484 t.Errorf("server did not get transport params")
485 }
486 if len(cli.gotParams) != 0 {
487 t.Errorf("client got transport params: %v, want empty", cli.gotParams)
488 }
489 if len(srv.gotParams) != 0 {
490 t.Errorf("server got transport params: %v, want empty", srv.gotParams)
491 }
492 }
493
494 func TestQUICCanceledWaitingForData(t *testing.T) {
495 config := &QUICConfig{TLSConfig: testConfig.Clone()}
496 config.TLSConfig.MinVersion = VersionTLS13
497 cli := newTestQUICClient(t, config)
498 cli.conn.SetTransportParameters(nil)
499 cli.conn.Start(context.Background())
500 for cli.conn.NextEvent().Kind != QUICNoEvent {
501 }
502 err := cli.conn.Close()
503 if !errors.Is(err, alertCloseNotify) {
504 t.Errorf("conn.Close() = %v, want alertCloseNotify", err)
505 }
506 }
507
508 func TestQUICCanceledWaitingForTransportParams(t *testing.T) {
509 config := &QUICConfig{TLSConfig: testConfig.Clone()}
510 config.TLSConfig.MinVersion = VersionTLS13
511 cli := newTestQUICClient(t, config)
512 cli.conn.Start(context.Background())
513 for cli.conn.NextEvent().Kind != QUICTransportParametersRequired {
514 }
515 err := cli.conn.Close()
516 if !errors.Is(err, alertCloseNotify) {
517 t.Errorf("conn.Close() = %v, want alertCloseNotify", err)
518 }
519 }
520
521 func TestQUICEarlyData(t *testing.T) {
522 clientConfig := &QUICConfig{TLSConfig: testConfig.Clone()}
523 clientConfig.TLSConfig.MinVersion = VersionTLS13
524 clientConfig.TLSConfig.ClientSessionCache = NewLRUClientSessionCache(1)
525 clientConfig.TLSConfig.ServerName = "example.go.dev"
526 clientConfig.TLSConfig.NextProtos = []string{"h3"}
527
528 serverConfig := &QUICConfig{TLSConfig: testConfig.Clone()}
529 serverConfig.TLSConfig.MinVersion = VersionTLS13
530 serverConfig.TLSConfig.NextProtos = []string{"h3"}
531
532 cli := newTestQUICClient(t, clientConfig)
533 cli.conn.SetTransportParameters(nil)
534 srv := newTestQUICServer(t, serverConfig)
535 srv.conn.SetTransportParameters(nil)
536 srv.ticketOpts.EarlyData = true
537 if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
538 t.Fatalf("error during first connection handshake: %v", err)
539 }
540 if cli.conn.ConnectionState().DidResume {
541 t.Errorf("first connection unexpectedly used session resumption")
542 }
543
544 cli2 := newTestQUICClient(t, clientConfig)
545 cli2.conn.SetTransportParameters(nil)
546 srv2 := newTestQUICServer(t, serverConfig)
547 srv2.conn.SetTransportParameters(nil)
548 onEvent := func(e QUICEvent, src, dst *testQUICConn) bool {
549 switch e.Kind {
550 case QUICStoreSession, QUICResumeSession:
551 t.Errorf("with EnableSessionEvents=false, got unexpected event %v", e.Kind)
552 }
553 return false
554 }
555 if err := runTestQUICConnection(context.Background(), cli2, srv2, onEvent); err != nil {
556 t.Fatalf("error during second connection handshake: %v", err)
557 }
558 if !cli2.conn.ConnectionState().DidResume {
559 t.Errorf("second connection did not use session resumption")
560 }
561 cliSecret := cli2.writeSecret[QUICEncryptionLevelEarly]
562 if cliSecret.secret == nil {
563 t.Errorf("client did not receive early data write secret")
564 }
565 srvSecret := srv2.readSecret[QUICEncryptionLevelEarly]
566 if srvSecret.secret == nil {
567 t.Errorf("server did not receive early data read secret")
568 }
569 if cliSecret.suite != srvSecret.suite || !bytes.Equal(cliSecret.secret, srvSecret.secret) {
570 t.Errorf("client early data secret does not match server")
571 }
572 }
573
574 func TestQUICEarlyDataDeclined(t *testing.T) {
575 t.Run("server", func(t *testing.T) {
576 testQUICEarlyDataDeclined(t, true)
577 })
578 t.Run("client", func(t *testing.T) {
579 testQUICEarlyDataDeclined(t, false)
580 })
581 }
582
583 func testQUICEarlyDataDeclined(t *testing.T, server bool) {
584 clientConfig := &QUICConfig{TLSConfig: testConfig.Clone()}
585 clientConfig.EnableSessionEvents = true
586 clientConfig.TLSConfig.MinVersion = VersionTLS13
587 clientConfig.TLSConfig.ClientSessionCache = NewLRUClientSessionCache(1)
588 clientConfig.TLSConfig.ServerName = "example.go.dev"
589 clientConfig.TLSConfig.NextProtos = []string{"h3"}
590
591 serverConfig := &QUICConfig{TLSConfig: testConfig.Clone()}
592 serverConfig.EnableSessionEvents = true
593 serverConfig.TLSConfig.MinVersion = VersionTLS13
594 serverConfig.TLSConfig.NextProtos = []string{"h3"}
595
596 cli := newTestQUICClient(t, clientConfig)
597 cli.conn.SetTransportParameters(nil)
598 srv := newTestQUICServer(t, serverConfig)
599 srv.conn.SetTransportParameters(nil)
600 srv.ticketOpts.EarlyData = true
601 if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
602 t.Fatalf("error during first connection handshake: %v", err)
603 }
604 if cli.conn.ConnectionState().DidResume {
605 t.Errorf("first connection unexpectedly used session resumption")
606 }
607
608 cli2 := newTestQUICClient(t, clientConfig)
609 cli2.conn.SetTransportParameters(nil)
610 srv2 := newTestQUICServer(t, serverConfig)
611 srv2.conn.SetTransportParameters(nil)
612 declineEarlyData := func(state *SessionState) {
613 state.EarlyData = false
614 }
615 if server {
616 srv2.onResumeSession = declineEarlyData
617 } else {
618 cli2.onResumeSession = declineEarlyData
619 }
620 if err := runTestQUICConnection(context.Background(), cli2, srv2, nil); err != nil {
621 t.Fatalf("error during second connection handshake: %v", err)
622 }
623 if !cli2.conn.ConnectionState().DidResume {
624 t.Errorf("second connection did not use session resumption")
625 }
626 _, cliEarlyData := cli2.writeSecret[QUICEncryptionLevelEarly]
627 if server {
628 if !cliEarlyData {
629 t.Errorf("client did not receive early data write secret")
630 }
631 if !cli2.earlyDataRejected {
632 t.Errorf("client did not receive QUICEarlyDataRejected")
633 }
634 }
635 if _, srvEarlyData := srv2.readSecret[QUICEncryptionLevelEarly]; srvEarlyData {
636 t.Errorf("server received early data read secret")
637 }
638 }
639
View as plain text