Skip to content

Commit

Permalink
Fix VerifyHostname certificate validation on go1.11 (#115)
Browse files Browse the repository at this point in the history
  • Loading branch information
@sideshow
sideshow committed Aug 14, 2018
1 parent c6554af commit 656cc74
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 15 deletions.
2 changes: 2 additions & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,5 @@ _testmain.go
/*.pem
/*.cer
/*.p8

.DS_Store
23 changes: 8 additions & 15 deletions certificate/certificate_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,20 +15,20 @@ import (
func TestValidCertificateFromP12File(t *testing.T) {
cer, err := certificate.FromP12File("_fixtures/certificate-valid.p12", "")
assert.Nil(t, err)
assert.Nil(t, verifyHostname(cer))
assert.NotEqual(t, tls.Certificate{}, cer)
}

func TestValidCertificateFromP12Bytes(t *testing.T) {
bytes, _ := ioutil.ReadFile("_fixtures/certificate-valid.p12")
cer, err := certificate.FromP12Bytes(bytes, "")
assert.NoError(t, err)
assert.Nil(t, verifyHostname(cer))
assert.NotEqual(t, tls.Certificate{}, cer)
}

func TestEncryptedValidCertificateFromP12File(t *testing.T) {
cer, err := certificate.FromP12File("_fixtures/certificate-valid-encrypted.p12", "password")
assert.NoError(t, err)
assert.Nil(t, verifyHostname(cer))
assert.NotEqual(t, tls.Certificate{}, cer)
}

func TestNoSuchFileP12File(t *testing.T) {
Expand All @@ -48,33 +48,33 @@ func TestBadPasswordP12File(t *testing.T) {
func TestValidCertificateFromPemFile(t *testing.T) {
cer, err := certificate.FromPemFile("_fixtures/certificate-valid.pem", "")
assert.NoError(t, err)
assert.Nil(t, verifyHostname(cer))
assert.NotEqual(t, tls.Certificate{}, cer)
}

func TestValidCertificateFromPemBytes(t *testing.T) {
bytes, _ := ioutil.ReadFile("_fixtures/certificate-valid.pem")
cer, err := certificate.FromPemBytes(bytes, "")
assert.NoError(t, err)
assert.Nil(t, verifyHostname(cer))
assert.NotEqual(t, tls.Certificate{}, cer)
}

func TestValidCertificateFromPemFileWithPKCS8PrivateKey(t *testing.T) {
cer, err := certificate.FromPemFile("_fixtures/certificate-valid-pkcs8.pem", "")
assert.NoError(t, err)
assert.Nil(t, verifyHostname(cer))
assert.NotEqual(t, tls.Certificate{}, cer)
}

func TestValidCertificateFromPemBytesWithPKCS8PrivateKey(t *testing.T) {
bytes, _ := ioutil.ReadFile("_fixtures/certificate-valid-pkcs8.pem")
cer, err := certificate.FromPemBytes(bytes, "")
assert.NoError(t, err)
assert.Nil(t, verifyHostname(cer))
assert.NotEqual(t, tls.Certificate{}, cer)
}

func TestEncryptedValidCertificateFromPemFile(t *testing.T) {
cer, err := certificate.FromPemFile("_fixtures/certificate-valid-encrypted.pem", "password")
assert.NoError(t, err)
assert.Nil(t, verifyHostname(cer))
assert.NotEqual(t, tls.Certificate{}, cer)
}

func TestNoSuchFilePemFile(t *testing.T) {
Expand Down Expand Up @@ -106,10 +106,3 @@ func TestNoCertificatePemFile(t *testing.T) {
assert.Equal(t, tls.Certificate{}, cer)
assert.Equal(t, certificate.ErrNoCertificate, err)
}

func verifyHostname(cert tls.Certificate) error {
if cert.Leaf == nil {
return errors.New("expected leaf cert")
}
return cert.Leaf.VerifyHostname("APNS/2 Development IOS Push Services: com.sideshow.Apns2")
}

0 comments on commit 656cc74

Please sign in to comment.