|
|
@ -31,6 +31,7 @@ import ( |
|
|
|
"net/http" |
|
|
|
"net/http" |
|
|
|
"os" |
|
|
|
"os" |
|
|
|
"runtime" |
|
|
|
"runtime" |
|
|
|
|
|
|
|
"strings" |
|
|
|
"sync" |
|
|
|
"sync" |
|
|
|
"testing" |
|
|
|
"testing" |
|
|
|
"time" |
|
|
|
"time" |
|
|
@ -339,6 +340,11 @@ func TestServerListenAndServePlain(t *testing.T) { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func TestServerListenAndServeTLS(t *testing.T) { |
|
|
|
func TestServerListenAndServeTLS(t *testing.T) { |
|
|
|
|
|
|
|
_, err := newTestConfig(globalMinioDefaultRegion) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
t.Fatalf("Init Test config failed") |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
wait := make(chan struct{}) |
|
|
|
wait := make(chan struct{}) |
|
|
|
addr := net.JoinHostPort("127.0.0.1", getFreePort()) |
|
|
|
addr := net.JoinHostPort("127.0.0.1", getFreePort()) |
|
|
|
errc := make(chan error) |
|
|
|
errc := make(chan error) |
|
|
@ -354,7 +360,7 @@ func TestServerListenAndServeTLS(t *testing.T) { |
|
|
|
})) |
|
|
|
})) |
|
|
|
|
|
|
|
|
|
|
|
// Create a cert
|
|
|
|
// Create a cert
|
|
|
|
err := createConfigDir() |
|
|
|
err = createConfigDir() |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
t.Fatal(err) |
|
|
|
t.Fatal(err) |
|
|
|
} |
|
|
|
} |
|
|
@ -374,7 +380,6 @@ func TestServerListenAndServeTLS(t *testing.T) { |
|
|
|
|
|
|
|
|
|
|
|
wg := &sync.WaitGroup{} |
|
|
|
wg := &sync.WaitGroup{} |
|
|
|
wg.Add(1) |
|
|
|
wg.Add(1) |
|
|
|
// Keep trying the server until it's accepting connections
|
|
|
|
|
|
|
|
go func() { |
|
|
|
go func() { |
|
|
|
tr := &http.Transport{ |
|
|
|
tr := &http.Transport{ |
|
|
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, |
|
|
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, |
|
|
@ -384,6 +389,7 @@ func TestServerListenAndServeTLS(t *testing.T) { |
|
|
|
Transport: tr, |
|
|
|
Transport: tr, |
|
|
|
} |
|
|
|
} |
|
|
|
okTLS := false |
|
|
|
okTLS := false |
|
|
|
|
|
|
|
// Keep trying the server until it's accepting connections
|
|
|
|
for !okTLS { |
|
|
|
for !okTLS { |
|
|
|
res, _ := client.Get("https://" + addr) |
|
|
|
res, _ := client.Get("https://" + addr) |
|
|
|
if res != nil && res.StatusCode == http.StatusOK { |
|
|
|
if res != nil && res.StatusCode == http.StatusOK { |
|
|
@ -391,14 +397,27 @@ func TestServerListenAndServeTLS(t *testing.T) { |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
okNoTLS := false |
|
|
|
// Once a request succeeds, subsequent requests should
|
|
|
|
for !okNoTLS { |
|
|
|
// work fine.
|
|
|
|
res, _ := client.Get("http://" + addr) |
|
|
|
res, err := client.Get("http://" + addr) |
|
|
|
// Without TLS we expect a re-direction from http to https
|
|
|
|
if err != nil { |
|
|
|
// And also the request is not rejected.
|
|
|
|
t.Errorf("Got unexpected error: %v", err) |
|
|
|
if res != nil && res.StatusCode == http.StatusOK && res.Request.URL.Scheme == httpsScheme { |
|
|
|
} |
|
|
|
okNoTLS = true |
|
|
|
// Without TLS we expect a Bad-Request response from the server.
|
|
|
|
|
|
|
|
if !(res != nil && res.StatusCode == http.StatusBadRequest && res.Request.URL.Scheme == httpScheme) { |
|
|
|
|
|
|
|
t.Fatalf("Plaintext request to TLS server did not have expected response!") |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
body, err := ioutil.ReadAll(res.Body) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
t.Errorf("Error reading body") |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Check that the expected error is received.
|
|
|
|
|
|
|
|
bodyStr := string(body) |
|
|
|
|
|
|
|
apiErr := getAPIError(ErrInsecureClientRequest) |
|
|
|
|
|
|
|
if !(strings.Contains(bodyStr, apiErr.Code) && strings.Contains(bodyStr, apiErr.Description)) { |
|
|
|
|
|
|
|
t.Fatalf("Plaintext request to TLS server did not have expected response body!") |
|
|
|
} |
|
|
|
} |
|
|
|
wg.Done() |
|
|
|
wg.Done() |
|
|
|
}() |
|
|
|
}() |
|
|
|