DC tests don't validate certificates
In delegated_credentials_test.go TestDCHandshakeServerAuth sets clientConfig.InsecureSkipVerify = true. Because of how golang handles global state this is propagated to all later tests. This leads to test failures if the tests are run in a different order or individually.
This means that even if you put bit flips into the test certificate signatures the tests will still pass.
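The effect described above, reproduced with the standard library's `crypto/tls` as an added example (not code from the repository or from anyone in this thread). The `shared` config, the host name `dc.test` and the helpers `tamperedServer` and `handshake` are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// shared stands in for one client config reused by every test (constructed name).
var shared = &tls.Config{ServerName: "dc.test"}

// tamperedServer trusts a new self-signed cert, then serves a copy with one signature bit flipped.
func tamperedServer() *tls.Config {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "dc.test"},
		DNSNames: []string{"dc.test"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	good, _ := x509.ParseCertificate(der)
	shared.RootCAs = x509.NewCertPool()
	shared.RootCAs.AddCert(good)
	bad := append([]byte(nil), der...)
	bad[len(bad)-1] ^= 1 // the signature is the last field of the certificate
	return &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{bad}, PrivateKey: key}}}
}

// handshake returns the client-side result of one in-memory TLS handshake.
func handshake(client, server *tls.Config) error {
	c, s := net.Pipe()
	defer c.Close()
	c.SetDeadline(time.Now().Add(time.Second)) // net.Pipe is unbuffered: bound a blocked alert write
	go func() { defer s.Close(); tls.Server(s, server).Handshake() }()
	return tls.Client(c, client).Handshake()
}

func main() {
	srv := tamperedServer()
	fmt.Println("shared config as written:", handshake(shared, srv))
	shared.InsecureSkipVerify = true // what one test did to the shared config
	fmt.Println("same config, later test: ", handshake(shared, srv))
}
```

A test that needs `InsecureSkipVerify` can set it on `shared.Clone()` instead, which leaves the shared config verifying certificates for every other test.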
This was fixed in the kemtls branch. There was also another bug that was also fixed on that branch (I can't remember it anymore as it was a year ago). I also changed the API to something way nicer there, so that is def the code to use. It never got merged due to the debate over whether kemtls should be in the main branch or not.
I'll take a look tomorrow and compare the code, and let you know if there is a bug that needs solving in the main branch.