commit 8a6eb65b4894fc01bff2b7bbf19a8008b7b47362
parent 8b4692b08b6ae1658502baedec12d406da5ab390
Author: Johann150 <johann.galle@protonmail.com>
Date: Thu, 25 Feb 2021 17:31:24 +0100
add test for TLS version selection
Since rustls does not even support TLS versions below 1.2, no need to check
for that.
Diffstat:
3 files changed, 24 insertions(+), 0 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
@@ -19,6 +19,7 @@ dependencies = [
"tokio",
"tokio-rustls",
"url",
+ "webpki",
]
[[package]]
diff --git a/Cargo.toml b/Cargo.toml
@@ -29,6 +29,7 @@ configparser = "2.0"
assert_cmd = "1.0"
gemini-fetch = { version = "0.2.1", git = "https://github.com/Johann150/gemini-fetch.git" }
anyhow = "1.0"
+webpki = "0.21.4"
[profile.release]
lto = true
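Review bot: The new `webpki = "0.21.4"` line pins a second, independent version requirement for a crate that rustls already depends on, and the test only compiles while both resolve to the same webpki release, since `DNSNameRef` is passed into `rustls::ClientSession::new`. If the rustls or tokio-rustls version in use re-exports webpki, using that re-export in the test would avoid the extra entry and keep the two in step. The section header is outside this hunk, so it is worth confirming that the line sits under `[dev-dependencies]`, since only `tests/tests.rs` uses it.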
diff --git a/tests/tests.rs b/tests/tests.rs
@@ -254,3 +254,25 @@ fn serve_secret() {
assert_eq!(page.header.status, Status::Success);
}
+
+#[test]
+#[should_panic(expected = "AlertReceived(ProtocolVersion)")]
+fn explicit_tls_version() {
+ use rustls::{ClientSession, ProtocolVersion};
+ use std::io::Read;
+ use std::net::TcpStream;
+
+ let _server = Server::new(&["--addr", "[::]:1976", "-3"]);
+
+ let mut config = rustls::ClientConfig::new();
+ // try to connect using only TLS 1.2
+ config.versions = vec![ProtocolVersion::TLSv1_2];
+
+ let dns_name = webpki::DNSNameRef::try_from_ascii_str("localhost").unwrap();
+ let mut session = ClientSession::new(&std::sync::Arc::new(config), dns_name);
+ let mut tcp = TcpStream::connect(addr(1976)).unwrap();
+ let mut tls = rustls::Stream::new(&mut session, &mut tcp);
+
+ let mut buf = [0; 10];
+ tls.read(&mut buf).unwrap();
+}
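Review bot: `#[should_panic(expected = "AlertReceived(ProtocolVersion)")]` on `explicit_tls_version` covers the whole body and matches a substring of the panic message, so the test depends on the Debug formatting of the rustls error. If the server ever accepted TLS 1.2, the client, which has no root certificates configured, would presumably panic on certificate validation and the test would fail with an unrelated message. Dropping the attribute and asserting on the read result states the downgrade rejection directly: `let err = tls.read(&mut buf).unwrap_err();` followed by `assert!(format!("{:?}", err).contains("AlertReceived(ProtocolVersion)"), "server started with -3 must refuse TLS 1.2: {:?}", err);`. The server is also bound to `[::]:1976`, which listens on every interface while the test runs; a loopback address would be enough if the `addr` helper (outside this hunk) resolves to it. A companion test in which a TLS 1.3 client succeeds against `-3` would show that the flag restricts the version rather than breaking every handshake.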