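package checker

import (
	"context"
	"net"
	"net/http/httptest"
	"net/url"
	"strconv"
	"testing"
	"time"

	"git.happydns.org/checker-tls/contract"
)

// TestProbe_DirectTLS_OK probes a local httptest TLS server and checks that
// the handshake metadata is reported. It also pins the security-relevant
// expectation that the test server's self-signed chain is NOT reported as
// valid: a handshake that completes must not be mistaken for a trusted chain.
func TestProbe_DirectTLS_OK(t *testing.T) {
	srv := httptest.NewTLSServer(nil)
	defer srv.Close()

	// Fail early on setup errors. Otherwise a zero host or port reaches
	// probe and shows up as a misleading handshake failure.
	u, err := url.Parse(srv.URL)
	if err != nil {
		t.Fatalf("parsing test server URL %q: %v", srv.URL, err)
	}
	host, portStr, err := net.SplitHostPort(u.Host)
	if err != nil {
		t.Fatalf("splitting host/port from %q: %v", u.Host, err)
	}
	port, err := strconv.ParseUint(portStr, 10, 16)
	if err != nil {
		t.Fatalf("parsing port %q: %v", portStr, err)
	}

	// The result is named res so it does not shadow the probe function
	// under test.
	res := probe(context.Background(), contract.TLSEndpoint{
		Host: host,
		Port: uint16(port),
		SNI:  host,
	}, 5*time.Second)

	if res.Error != "" {
		t.Fatalf("unexpected error: %s", res.Error)
	}
	if res.TLSVersion == "" {
		t.Errorf("expected TLSVersion, got empty")
	}
	if res.CipherSuite == "" {
		t.Errorf("expected CipherSuite, got empty")
	}

	// ChainValid is a pointer. Report a missing verdict separately from a
	// wrong one, and print the pointed-to value rather than its address.
	switch {
	case res.ChainValid == nil:
		t.Errorf("expected ChainValid to be populated")
	case *res.ChainValid:
		t.Errorf("httptest self-signed chain should NOT be valid (chain_valid=%v)", *res.ChainValid)
	}

	if res.HostnameMatch == nil {
		t.Errorf("expected HostnameMatch to be populated")
	}
	if res.NotAfter.IsZero() {
		t.Errorf("expected NotAfter populated")
	}
}

// TestProbe_TCPUnreachable checks that a refused TCP connection is surfaced
// through the TCPError field of the probe result.
func TestProbe_TCPUnreachable(t *testing.T) {
	// Grab a free port then immediately close it so we know nothing listens.
	// NOTE(review): another process could bind the port between Close and
	// the dial. A sporadic failure of this test would point there.
	l, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		t.Fatal(err)
	}
	addr := l.Addr().(*net.TCPAddr)
	_ = l.Close()

	res := probe(context.Background(), contract.TLSEndpoint{
		Host: "127.0.0.1",
		Port: uint16(addr.Port),
	}, 1*time.Second)

	if res.TCPError == "" {
		t.Errorf("expected a TCP error for unreachable port")
	}
}

// TestProbe_UnsupportedStartTLSProto checks that an unrecognised STARTTLS
// value yields an error rather than an empty (apparently successful) result.
func TestProbe_UnsupportedStartTLSProto(t *testing.T) {
	// Listen so the dial succeeds, but the type maps to an unknown proto.
	l, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		t.Fatal(err)
	}
	defer l.Close()

	// Accept one connection and drop it. The test only needs the TCP dial
	// to succeed.
	go func() {
		conn, acceptErr := l.Accept()
		if acceptErr != nil {
			return
		}
		conn.Close()
	}()

	addr := l.Addr().(*net.TCPAddr)
	res := probe(context.Background(), contract.TLSEndpoint{
		Host:     "127.0.0.1",
		Port:     uint16(addr.Port),
		STARTTLS: "totallyfake",
	}, 2*time.Second)

	if res.Error == "" {
		t.Errorf("expected handshake error for unsupported starttls protocol")
	}
}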