Fix testsecuretlssupervisor

Signed-off-by: Margo Crawford <margaretc@vmware.com>
Margo Crawford 2022-03-23 16:27:18 -07:00 committed by Monis Khan
parent 6fa2c897e8
commit 8fccce31a4
No known key found for this signature in database
GPG Key ID: 52C90ADA01B269B8


@ -35,6 +35,8 @@ import (
// The expected cipher suites should belong to this
// hard-coded list, copied from here:
// https://github.com/golang/go/blob/dev.boringcrypto/src/crypto/tls/boring.go.
// TODO this is a private variable in the tls package... is there a better
// way to get access to it than just copying?
var defaultCipherSuitesFIPS []uint16 = []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@ -143,8 +145,8 @@ func TestSecureTLSSupervisor(t *testing.T) { // does not run in parallel because
// supervisor's cert is ECDSA
defaultECDSAOnly := func(rootCAs *x509.CertPool) *tls.Config {
c := ptls.Default(rootCAs)
ciphers := make([]uint16, 0, len(c.CipherSuites)/2)
for _, id := range c.CipherSuites {
ciphers := make([]uint16, 0, len(defaultCipherSuitesFIPS)/3)
for _, id := range defaultCipherSuitesFIPS {
id := id
if !strings.Contains(tls.CipherSuiteName(id), "_ECDSA_") {
continue
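Review bot: The expected ECDSA suites in `defaultECDSAOnly` are now derived from the hand-copied `defaultCipherSuitesFIPS` rather than from `ptls.Default(rootCAs)`, and nothing in the visible lines ties that copy to the toolchain's real list, so an upstream change could leave the test asserting a stale cipher set. The comment links to a moving branch (`dev.boringcrypto`); pinning the provenance would make drift reviewable, for example `// Copied from crypto/tls/boring.go at Go <GO_VERSION_PLACEHOLDER>; re-check on every toolchain bump.` in place of the open TODO. The capacity hint `len(defaultCipherSuitesFIPS)/3` is a magic ratio that depends on the current contents of the list; `make([]uint16, 0, len(defaultCipherSuitesFIPS))` is simpler and stays correct if the list changes. The body of `defaultECDSAOnly` continues past the end of the hunk, so how `ciphers` is assigned back to the config is not visible here.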