@@ -36,6 +36,8 @@ func TestSimpleTLSConnection(t *testing.T) {
3636 common .Must (err )
3737 defer tcpServer .Close ()
3838
39+ ct , ctHash := cert .MustGenerate (nil , cert .CommonName ("localhost" ))
40+
3941 userID := protocol .NewID (uuid .New ())
4042 serverPort := tcp .PickPort ()
4143 serverConfig := & core.Config {
@@ -48,7 +50,7 @@ func TestSimpleTLSConnection(t *testing.T) {
4850 SecurityType : serial .GetMessageType (& tls.Config {}),
4951 SecuritySettings : []* serial.TypedMessage {
5052 serial .ToTypedMessage (& tls.Config {
51- Certificate : []* tls.Certificate {tls .ParseCertificate (cert . MustGenerate ( nil ) )},
53+ Certificate : []* tls.Certificate {tls .ParseCertificate (ct )},
5254 }),
5355 },
5456 },
@@ -104,7 +106,7 @@ func TestSimpleTLSConnection(t *testing.T) {
104106 SecurityType : serial .GetMessageType (& tls.Config {}),
105107 SecuritySettings : []* serial.TypedMessage {
106108 serial .ToTypedMessage (& tls.Config {
107- AllowInsecure : true ,
109+ PinnedPeerCertSha256 : [][] byte { ctHash [:]} ,
108110 }),
109111 },
110112 },
@@ -247,6 +249,8 @@ func TestTLSOverKCP(t *testing.T) {
247249 common .Must (err )
248250 defer tcpServer .Close ()
249251
252+ ct , ctHash := cert .MustGenerate (nil , cert .CommonName ("localhost" ))
253+
250254 userID := protocol .NewID (uuid .New ())
251255 serverPort := udp .PickPort ()
252256 serverConfig := & core.Config {
@@ -260,7 +264,7 @@ func TestTLSOverKCP(t *testing.T) {
260264 SecurityType : serial .GetMessageType (& tls.Config {}),
261265 SecuritySettings : []* serial.TypedMessage {
262266 serial .ToTypedMessage (& tls.Config {
263- Certificate : []* tls.Certificate {tls .ParseCertificate (cert . MustGenerate ( nil ) )},
267+ Certificate : []* tls.Certificate {tls .ParseCertificate (ct )},
264268 }),
265269 },
266270 },
@@ -317,7 +321,7 @@ func TestTLSOverKCP(t *testing.T) {
317321 SecurityType : serial .GetMessageType (& tls.Config {}),
318322 SecuritySettings : []* serial.TypedMessage {
319323 serial .ToTypedMessage (& tls.Config {
320- AllowInsecure : true ,
324+ PinnedPeerCertSha256 : [][] byte { ctHash [:]} ,
321325 }),
322326 },
323327 },
@@ -343,6 +347,8 @@ func TestTLSOverWebSocket(t *testing.T) {
343347 common .Must (err )
344348 defer tcpServer .Close ()
345349
350+ ct , ctHash := cert .MustGenerate (nil , cert .CommonName ("localhost" ))
351+
346352 userID := protocol .NewID (uuid .New ())
347353 serverPort := tcp .PickPort ()
348354 serverConfig := & core.Config {
@@ -356,7 +362,7 @@ func TestTLSOverWebSocket(t *testing.T) {
356362 SecurityType : serial .GetMessageType (& tls.Config {}),
357363 SecuritySettings : []* serial.TypedMessage {
358364 serial .ToTypedMessage (& tls.Config {
359- Certificate : []* tls.Certificate {tls .ParseCertificate (cert . MustGenerate ( nil ) )},
365+ Certificate : []* tls.Certificate {tls .ParseCertificate (ct )},
360366 }),
361367 },
362368 },
@@ -419,7 +425,7 @@ func TestTLSOverWebSocket(t *testing.T) {
419425 SecurityType : serial .GetMessageType (& tls.Config {}),
420426 SecuritySettings : []* serial.TypedMessage {
421427 serial .ToTypedMessage (& tls.Config {
422- AllowInsecure : true ,
428+ PinnedPeerCertSha256 : [][] byte { ctHash [:]} ,
423429 }),
424430 },
425431 },
@@ -449,6 +455,8 @@ func TestGRPC(t *testing.T) {
449455 common .Must (err )
450456 defer tcpServer .Close ()
451457
458+ ct , ctHash := cert .MustGenerate (nil , cert .CommonName ("localhost" ))
459+
452460 userID := protocol .NewID (uuid .New ())
453461 serverPort := tcp .PickPort ()
454462 serverConfig := & core.Config {
@@ -468,7 +476,7 @@ func TestGRPC(t *testing.T) {
468476 SecurityType : serial .GetMessageType (& tls.Config {}),
469477 SecuritySettings : []* serial.TypedMessage {
470478 serial .ToTypedMessage (& tls.Config {
471- Certificate : []* tls.Certificate {tls .ParseCertificate (cert . MustGenerate ( nil ) )},
479+ Certificate : []* tls.Certificate {tls .ParseCertificate (ct )},
472480 }),
473481 },
474482 },
@@ -531,7 +539,7 @@ func TestGRPC(t *testing.T) {
531539 SecurityType : serial .GetMessageType (& tls.Config {}),
532540 SecuritySettings : []* serial.TypedMessage {
533541 serial .ToTypedMessage (& tls.Config {
534- AllowInsecure : true ,
542+ PinnedPeerCertSha256 : [][] byte { ctHash [:]} ,
535543 }),
536544 },
537545 },
@@ -561,6 +569,8 @@ func TestGRPCMultiMode(t *testing.T) {
561569 common .Must (err )
562570 defer tcpServer .Close ()
563571
572+ ct , ctHash := cert .MustGenerate (nil , cert .CommonName ("localhost" ))
573+
564574 userID := protocol .NewID (uuid .New ())
565575 serverPort := tcp .PickPort ()
566576 serverConfig := & core.Config {
@@ -580,7 +590,7 @@ func TestGRPCMultiMode(t *testing.T) {
580590 SecurityType : serial .GetMessageType (& tls.Config {}),
581591 SecuritySettings : []* serial.TypedMessage {
582592 serial .ToTypedMessage (& tls.Config {
583- Certificate : []* tls.Certificate {tls .ParseCertificate (cert . MustGenerate ( nil ) )},
593+ Certificate : []* tls.Certificate {tls .ParseCertificate (ct )},
584594 }),
585595 },
586596 },
@@ -643,7 +653,7 @@ func TestGRPCMultiMode(t *testing.T) {
643653 SecurityType : serial .GetMessageType (& tls.Config {}),
644654 SecuritySettings : []* serial.TypedMessage {
645655 serial .ToTypedMessage (& tls.Config {
646- AllowInsecure : true ,
656+ PinnedPeerCertSha256 : [][] byte { ctHash [:]} ,
647657 }),
648658 },
649659 },
@@ -672,7 +682,7 @@ func TestSimpleTLSConnectionPinned(t *testing.T) {
672682 dest , err := tcpServer .Start ()
673683 common .Must (err )
674684 defer tcpServer .Close ()
675- certificateDer := cert .MustGenerate (nil )
685+ certificateDer , _ := cert .MustGenerate (nil )
676686 certificate := tls .ParseCertificate (certificateDer )
677687 certHash := tls .GenerateCertHash (certificateDer .Certificate )
678688 userID := protocol .NewID (uuid .New ())
@@ -743,7 +753,6 @@ func TestSimpleTLSConnectionPinned(t *testing.T) {
743753 SecurityType : serial .GetMessageType (& tls.Config {}),
744754 SecuritySettings : []* serial.TypedMessage {
745755 serial .ToTypedMessage (& tls.Config {
746- AllowInsecure : true ,
747756 PinnedPeerCertSha256 : [][]byte {certHash },
748757 }),
749758 },
@@ -769,7 +778,7 @@ func TestSimpleTLSConnectionPinnedWrongCert(t *testing.T) {
769778 dest , err := tcpServer .Start ()
770779 common .Must (err )
771780 defer tcpServer .Close ()
772- certificateDer := cert .MustGenerate (nil )
781+ certificateDer , _ := cert .MustGenerate (nil )
773782 certificate := tls .ParseCertificate (certificateDer )
774783 certHash := tls .GenerateCertHash (certificateDer .Certificate )
775784 certHash [1 ] += 1
@@ -841,7 +850,6 @@ func TestSimpleTLSConnectionPinnedWrongCert(t *testing.T) {
841850 SecurityType : serial .GetMessageType (& tls.Config {}),
842851 SecuritySettings : []* serial.TypedMessage {
843852 serial .ToTypedMessage (& tls.Config {
844- AllowInsecure : true ,
845853 PinnedPeerCertSha256 : [][]byte {certHash },
846854 }),
847855 },
@@ -867,7 +875,7 @@ func TestUTLSConnectionPinned(t *testing.T) {
867875 dest , err := tcpServer .Start ()
868876 common .Must (err )
869877 defer tcpServer .Close ()
870- certificateDer := cert .MustGenerate (nil )
878+ certificateDer , _ := cert .MustGenerate (nil )
871879 certificate := tls .ParseCertificate (certificateDer )
872880 certHash := tls .GenerateCertHash (certificateDer .Certificate )
873881 userID := protocol .NewID (uuid .New ())
@@ -939,7 +947,6 @@ func TestUTLSConnectionPinned(t *testing.T) {
939947 SecuritySettings : []* serial.TypedMessage {
940948 serial .ToTypedMessage (& tls.Config {
941949 Fingerprint : "random" ,
942- AllowInsecure : true ,
943950 PinnedPeerCertSha256 : [][]byte {certHash },
944951 }),
945952 },
@@ -965,7 +972,7 @@ func TestUTLSConnectionPinnedWrongCert(t *testing.T) {
965972 dest , err := tcpServer .Start ()
966973 common .Must (err )
967974 defer tcpServer .Close ()
968- certificateDer := cert .MustGenerate (nil )
975+ certificateDer , _ := cert .MustGenerate (nil )
969976 certificate := tls .ParseCertificate (certificateDer )
970977 certHash := tls .GenerateCertHash (certificateDer .Certificate )
971978 certHash [1 ] += 1
@@ -1038,7 +1045,6 @@ func TestUTLSConnectionPinnedWrongCert(t *testing.T) {
10381045 SecuritySettings : []* serial.TypedMessage {
10391046 serial .ToTypedMessage (& tls.Config {
10401047 Fingerprint : "random" ,
1041- AllowInsecure : true ,
10421048 PinnedPeerCertSha256 : [][]byte {certHash },
10431049 }),
10441050 },
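Review bot: With `AllowInsecure: true` removed from the client config here and in TestSimpleTLSConnectionPinnedWrongCert, the wrong-pin tests on their own no longer isolate the pin check. The certificate from `cert.MustGenerate(nil)` is presumably self-signed, so a handshake failure could come from ordinary chain validation as well as from the altered `certHash`. The assertion that the connection fails lies outside these hunks; if it only checks for a non-nil error, the negative tests would keep passing even if the pin comparison regressed. Only the positive tests (TestSimpleTLSConnectionPinned, TestUTLSConnectionPinned) currently show that the pin is what admits the certificate. Consider asserting on the error cause, or at least adding a comment next to `PinnedPeerCertSha256` such as `// must fail on the pin mismatch (certHash[1] altered), not on chain validation`.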