Merge lp:~chipaca/ubuntu-push/check-certificate into lp:ubuntu-push/automatic

Proposed by John Lenton
Status: Merged
Approved by: John Lenton
Approved revision: 128
Merged at revision: 128
Proposed branch: lp:~chipaca/ubuntu-push/check-certificate
Merge into: lp:ubuntu-push/automatic
Diff against target: 92 lines (+60/-2)
2 files modified
client/session/session.go (+4/-1)
client/session/session_test.go (+56/-1)
To merge this branch: bzr merge lp:~chipaca/ubuntu-push/check-certificate
Reviewer Review Type Date Requested Status
Samuele Pedroni Approve
Review via email: mp+216083@code.launchpad.net

Commit message

Add the ServerName to tls config from gethosts domain; client checks the server certificate.

Description of the change

Add the ServerName to tls config from gethosts domain; client checks the server certificate.

128. By John Lenton

made the tests a bit better

Revision history for this message
Samuele Pedroni (pedronis) :
review: Approve

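--- a/client/session/session.go
+++ b/client/session/session.go
@@ -142,7 +142,7 @@
 Log: log,
 Protocolator: protocol.NewProtocol0,
 Levels: levels,
-TLS: &tls.Config{InsecureSkipVerify: true}, // XXX
+TLS: &tls.Config{},
 stateP: &state,
 timeSince: time.Since,
 auth: conf.Authorization,
@@ -192,6 +192,9 @@
 }
 sess.deliveryHostsTimestamp = time.Now()
 sess.deliveryHosts = host.Hosts
+if sess.TLS != nil {
+sess.TLS.ServerName = host.Domain
+}
 } else {
 sess.deliveryHosts = sess.fallbackHosts
 }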
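Review bot: The `else` branch of the second hunk, which falls back to `sess.fallbackHosts`, leaves `sess.TLS.ServerName` empty or stale, and with `InsecureSkipVerify` now off a handshake against a fallback host will be rejected by crypto/tls when `ServerName` is unset (the dial site is outside this hunk, so this is inferred rather than visible). Either give the fallback path its own `ServerName` or document the constraint with a comment on the new `if`, e.g. `// ServerName is only learned from gethosts; fallback hosts have no verified name and cannot be dialed with verification on`. Mutating `sess.TLS` in place also changes a shared `*tls.Config` after it may have been used by an earlier handshake, so a note that the config is owned by this session and only written from this path would help the next reader. The enclosing function starts and ends outside the hunk.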
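--- a/client/session/session_test.go
+++ b/client/session/session_test.go
@@ -1091,9 +1091,64 @@
 
 var (
 dialTestTimeout = 100 * time.Millisecond
-dialTestConf = ClientSessionConfig{ExchangeTimeout: dialTestTimeout}
+dialTestConf = ClientSessionConfig{
+ExchangeTimeout: dialTestTimeout,
+PEM: helpers.TestCertPEMBlock,
+}
 )
 
+func (cs *clientSessionSuite) TestDialBadServerName(c *C) {
+// a borked server name
+cert, err := tls.X509KeyPair(helpers.TestCertPEMBlock, helpers.TestKeyPEMBlock)
+c.Assert(err, IsNil)
+tlsCfg := &tls.Config{
+Certificates: []tls.Certificate{cert},
+SessionTicketsDisabled: true,
+}
+
+lst, err := tls.Listen("tcp", "localhost:0", tlsCfg)
+c.Assert(err, IsNil)
+// advertise
+ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+b, err := json.Marshal(map[string]interface{}{
+"domain": "xyzzy", // <-- *** THIS *** is the bit that'll break it
+"hosts": []string{"nowhere", lst.Addr().String()},
+})
+if err != nil {
+panic(err)
+}
+w.Header().Set("Content-Type", "application/json")
+w.Write(b)
+}))
+defer ts.Close()
+
+sess, err := NewSession(ts.URL, dialTestConf, "wah", cs.lvls, cs.log)
+c.Assert(err, IsNil)
+tconn := &testConn{}
+sess.Connection = tconn
+
+upCh := make(chan interface{}, 5)
+downCh := make(chan interface{}, 5)
+errCh := make(chan error, 1)
+proto := &testProtocol{up: upCh, down: downCh}
+sess.Protocolator = func(net.Conn) protocol.Protocol { return proto }
+
+go func() {
+errCh <- sess.Dial()
+}()
+
+srv, err := lst.Accept()
+c.Assert(err, IsNil)
+
+// connect done
+
+_, err = protocol.ReadWireFormatVersion(srv, dialTestTimeout)
+c.Check(err, NotNil)
+
+c.Check(<-errCh, NotNil)
+c.Check(sess.State(), Equals, Error)
+}
+
 func (cs *clientSessionSuite) TestDialWorks(c *C) {
 // happy path thoughts
 cert, err := tls.X509KeyPair(helpers.TestCertPEMBlock, helpers.TestKeyPEMBlock)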
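Review bot: `TestDialBadServerName` only checks that `sess.Dial()` returned some error, so it would still pass if the dial failed for a reason unrelated to the certificate name (the advertised `"nowhere"` host, a timeout, the protocol stub), which is exactly the regression this test exists to catch. If `Dial` surfaces the handshake error unwrapped, pin it with `c.Check(<-errCh, FitsTypeOf, x509.HostnameError{})` instead of `NotNil`; otherwise at least match the error text for the name mismatch. The listener from `tls.Listen` and the accepted `srv` conn are never closed, so add `defer lst.Close()` after the `Assert` on line 48 and `defer srv.Close()` after the `Accept`, which also keeps the server-side handshake goroutine from lingering across the suite.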
