diff --git a/.github/workflows/alltests.yml b/.github/workflows/alltests.yml index 1bc6f915ef..228998f961 100644 --- a/.github/workflows/alltests.yml +++ b/.github/workflows/alltests.yml @@ -10,6 +10,6 @@ jobs: steps: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 - run: go test -race -tags shaping ./... diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml index 9882f55b29..5aeffe0398 100644 --- a/.github/workflows/android.yml +++ b/.github/workflows/android.yml @@ -13,7 +13,7 @@ jobs: steps: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 with: fetch-depth: 0 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 4db7bcf19d..75c4cea916 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -13,7 +13,6 @@ jobs: strategy: matrix: go: - - "1.17.10" - "1.18.2" steps: - uses: magnetikonline/action-golang-cache@v2 diff --git a/.github/workflows/generate.yml b/.github/workflows/generate.yml index 593669c7ea..d882052276 100644 --- a/.github/workflows/generate.yml +++ b/.github/workflows/generate.yml @@ -10,6 +10,6 @@ jobs: steps: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 - run: go generate ./... diff --git a/.github/workflows/ios.yml b/.github/workflows/ios.yml index 8e831b2458..e5e3d4d68a 100644 --- a/.github/workflows/ios.yml +++ b/.github/workflows/ios.yml @@ -13,7 +13,7 @@ jobs: steps: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 with: fetch-depth: 0 diff --git a/.github/workflows/jafar.yml b/.github/workflows/jafar.yml index 9a8d061fa0..2cc6e47632 100644 --- a/.github/workflows/jafar.yml +++ b/.github/workflows/jafar.yml 
@@ -10,7 +10,7 @@ jobs: steps: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 - run: go build -v ./internal/cmd/jafar - run: sudo ./testjafar.bash diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 83765b46a9..893ffc5715 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -13,7 +13,7 @@ jobs: steps: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 with: fetch-depth: 0 diff --git a/.github/workflows/miniooni.yml b/.github/workflows/miniooni.yml index 8de7c2ec08..fe4ab56748 100644 --- a/.github/workflows/miniooni.yml +++ b/.github/workflows/miniooni.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 with: diff --git a/.github/workflows/netxlite.yml b/.github/workflows/netxlite.yml index 89165f8712..701019b6dc 100644 --- a/.github/workflows/netxlite.yml +++ b/.github/workflows/netxlite.yml @@ -10,7 +10,7 @@ jobs: runs-on: "${{ matrix.os }}" strategy: matrix: - go: [ "1.17.10" ] + go: [ "1.18.2" ] os: [ "ubuntu-20.04", "windows-2019", "macos-10.15" ] steps: - uses: magnetikonline/action-golang-cache@v2 diff --git a/.github/workflows/oohelperd.yml b/.github/workflows/oohelperd.yml index 5538464f29..e3ab0ab5a8 100644 --- a/.github/workflows/oohelperd.yml +++ b/.github/workflows/oohelperd.yml @@ -14,7 +14,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - name: build oohelperd binary run: GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o ./CLI/oohelperd-linux-amd64 -v -tags netgo -ldflags="-s -w -extldflags -static" ./internal/cmd/oohelperd diff --git a/.github/workflows/qafbmessenger.yml b/.github/workflows/qafbmessenger.yml index f1814c246d..1ad1b24393 100644 --- a/.github/workflows/qafbmessenger.yml +++ b/.github/workflows/qafbmessenger.yml 
@@ -10,6 +10,6 @@ jobs: steps: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 - run: ./QA/rundocker.bash "fbmessenger" diff --git a/.github/workflows/qahhfm.yml b/.github/workflows/qahhfm.yml index b864a2c567..29ae892617 100644 --- a/.github/workflows/qahhfm.yml +++ b/.github/workflows/qahhfm.yml @@ -10,6 +10,6 @@ jobs: steps: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 - run: ./QA/rundocker.bash "hhfm" diff --git a/.github/workflows/qahirl.yml b/.github/workflows/qahirl.yml index d61390fe45..56adbee5bc 100644 --- a/.github/workflows/qahirl.yml +++ b/.github/workflows/qahirl.yml @@ -10,6 +10,6 @@ jobs: steps: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 - run: ./QA/rundocker.bash "hirl" diff --git a/.github/workflows/qatelegram.yml b/.github/workflows/qatelegram.yml index a1996fd2a1..6fa750344d 100644 --- a/.github/workflows/qatelegram.yml +++ b/.github/workflows/qatelegram.yml @@ -10,6 +10,6 @@ jobs: steps: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 - run: ./QA/rundocker.bash "telegram" diff --git a/.github/workflows/qawebconnectivity.yml b/.github/workflows/qawebconnectivity.yml index baab3522ad..bb5774c589 100644 --- a/.github/workflows/qawebconnectivity.yml +++ b/.github/workflows/qawebconnectivity.yml @@ -10,6 +10,6 @@ jobs: steps: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 - run: ./QA/rundocker.bash "webconnectivity" diff --git a/.github/workflows/qawhatsapp.yml b/.github/workflows/qawhatsapp.yml index 2fed6c63ba..eb5fd34c20 100644 --- a/.github/workflows/qawhatsapp.yml +++ b/.github/workflows/qawhatsapp.yml 
@@ -10,6 +10,6 @@ jobs: steps: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 - run: ./QA/rundocker.bash "whatsapp" diff --git a/.github/workflows/tarball.yml b/.github/workflows/tarball.yml index 947546d600..a36d82a081 100644 --- a/.github/workflows/tarball.yml +++ b/.github/workflows/tarball.yml @@ -16,7 +16,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v2 with: - go-version: 1.17.10 + go-version: "1.18.2" - name: Generate release tarball run: | VERSION=${GITHUB_REF_NAME#v} diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 21bdab1130..75b615f404 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -13,7 +13,7 @@ jobs: steps: - uses: actions/setup-go@v1 with: - go-version: "1.17.10" + go-version: "1.18.2" - uses: actions/checkout@v2 with: fetch-depth: 0 diff --git a/go.mod b/go.mod index bd4ea4251a..a1644a1b2d 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/mitchellh/go-wordwrap v1.0.1 github.com/montanaflynn/stats v0.6.6 github.com/ooni/go-libtor v1.1.5 - github.com/ooni/oohttp v0.0.0-20220519121528-b149a1255625 + github.com/ooni/oohttp v0.0.0-20220521113303-fb27ebcf5f1e github.com/ooni/probe-assets v0.9.0 github.com/ooni/psiphon/tunnel-core v0.0.0-20220519122549-9c044eb6bd83 github.com/oschwald/geoip2-golang v1.7.0 @@ -40,7 +40,7 @@ require ( gitlab.com/yawning/obfs4.git v0.0.0-20220204003609-77af0cba934d gitlab.com/yawning/utls.git v0.0.12-1 golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 - golang.org/x/net v0.0.0-20220517181318-183a9ca12b87 + golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 golang.org/x/sys v0.0.0-20220519141025-dcacdad47464 ) diff --git a/go.sum b/go.sum index 009778cd3e..f0d92449af 100644 --- a/go.sum +++ b/go.sum 
@@ -614,8 +614,8 @@ github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/ooni/go-libtor v1.1.5 h1:YbwXR9aLuL37EwL7rksPCQQhcHwoxU+M/v+jwZR+n5Y= github.com/ooni/go-libtor v1.1.5/go.mod h1:q1YyLwRD9GeMyeerVvwc0vJ2YgwDLTp2bdVcrh/JXyI= -github.com/ooni/oohttp v0.0.0-20220519121528-b149a1255625 h1:tSggIjFQEd3y3W/SInOPeLHxYHhs6+UFgbK5I+Z5G2g= -github.com/ooni/oohttp v0.0.0-20220519121528-b149a1255625/go.mod h1:94RvV+x6crHzYeO8c/LUtkK4uY7QX2kldN3RyvThgzU= +github.com/ooni/oohttp v0.0.0-20220521113303-fb27ebcf5f1e h1:hM6+SmEh6aCzXZDIHTwA0UeyjXNy7EfK1NpE3zr3WBo= +github.com/ooni/oohttp v0.0.0-20220521113303-fb27ebcf5f1e/go.mod h1:p2VVLbs+BXBIgTHITV9Vw8Rv6G1u66JUWP/8KCgDGNo= github.com/ooni/probe-assets v0.9.0 h1:RBqouztuKP0kWJzYwBjY0fPiwl5MQ8Aosy6ks8j1hR4= github.com/ooni/probe-assets v0.9.0/go.mod h1:N0PyNM3aadlYDDCFXAPzs54HC54+MZA/4/xnCtd9EAo= github.com/ooni/psiphon/tunnel-core v0.0.0-20220519122549-9c044eb6bd83 h1:xflU9CdKoHLMhVpt/beum7xw5erAR20wKawZSNWoJAA= 
@@ -1075,8 +1075,8 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220401154927-543a649e0bdd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220517181318-183a9ca12b87 h1:cCR+9mKLOGyX4Zx+uBZDXEDAQsvKQ/XbW4vreG5v1jU= -golang.org/x/net v0.0.0-20220517181318-183a9ca12b87/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 h1:NWy5+hlRbC7HK+PmcXVUmW1IMyFce7to56IUvhUFm7Y= +golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= diff --git a/internal/archival/quic_test.go b/internal/archival/quic_test.go index 4f9eae1ae7..d5a086fccb 100644 --- a/internal/archival/quic_test.go +++ b/internal/archival/quic_test.go @@ -1,5 +1,3 @@ -//go:build !go1.18 - package archival import ( @@ -14,7 +12,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/lucas-clemente/quic-go" - "github.com/marten-seemann/qtls-go1-17" // it's annoying to depend on that + "github.com/marten-seemann/qtls-go1-18" // it's annoying to depend on that "github.com/ooni/probe-cli/v3/internal/fakefill" "github.com/ooni/probe-cli/v3/internal/model" "github.com/ooni/probe-cli/v3/internal/model/mocks" diff --git a/internal/archival/quic_test_go118.go b/internal/archival/quic_test_go118.go deleted file mode 100644 index 38109132ba..0000000000 
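Review bot: The import of `github.com/marten-seemann/qtls-go1-18` in internal/archival/quic_test.go is now unconditional, because the first hunk drops `//go:build !go1.18`, yet the comment beside it (`// it's annoying to depend on that`) does not say that this package has to track the Go toolchain. The per-version split that this commit deletes (quic_test_go118.go) suggests the qtls package is selected per Go release, so building with any other toolchain would presumably break these tests at compile time rather than skip them. I would record the coupling at the import, e.g. `// qtls is per-Go-release: keep in sync with GOLANG_VERSION_NUMBER in ./mk and the workflows' go-version`, so the next toolchain bump updates all three together. Both hunks show only the file header and the import block; the tests themselves are outside the hunks.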
--- a/internal/archival/quic_test_go118.go
+++ /dev/null
@@ -1,422 +0,0 @@ -//go:build go1.18 - -package archival - -import ( - "context" - "crypto/tls" - "crypto/x509" - "errors" - "io" - "net" - "testing" - "time" - - "github.com/google/go-cmp/cmp" - "github.com/lucas-clemente/quic-go" - "github.com/marten-seemann/qtls-go1-18" // it's annoying to depend on that - "github.com/ooni/probe-cli/v3/internal/fakefill" - "github.com/ooni/probe-cli/v3/internal/model" - "github.com/ooni/probe-cli/v3/internal/model/mocks" - "github.com/ooni/probe-cli/v3/internal/netxlite" -) - -func TestSaverWriteTo(t *testing.T) { - // newAddr creates an new net.Addr for testing. - newAddr := func(endpoint string) net.Addr { - return &mocks.Addr{ - MockString: func() string { - return endpoint - }, - MockNetwork: func() string { - return "udp" - }, - } - } - - // newConn is a helper function for creating a new connection. - newConn := func(numBytes int, err error) model.UDPLikeConn { - return &mocks.UDPLikeConn{ - MockWriteTo: func(p []byte, addr net.Addr) (int, error) { - time.Sleep(time.Microsecond) - return numBytes, err - }, - } - } - - t.Run("on success", func(t *testing.T) { - const mockedEndpoint = "8.8.4.4:443" - const mockedNumBytes = 128 - addr := newAddr(mockedEndpoint) - conn := newConn(mockedNumBytes, nil) - saver := NewSaver() - v := &SingleNetworkEventValidator{ - ExpectedCount: mockedNumBytes, - ExpectedErr: nil, - ExpectedNetwork: "udp", - ExpectedOp: netxlite.WriteToOperation, - ExpectedEpnt: mockedEndpoint, - Saver: saver, - } - buf := make([]byte, 1024) - count, err := saver.WriteTo(conn, buf, addr) - if err != nil { - t.Fatal(err) - } - if count != mockedNumBytes { - t.Fatal("invalid count") - } - if err := v.Validate(); err != nil { - t.Fatal(err) - } - }) - - t.Run("on failure", func(t *testing.T) { - const mockedEndpoint = "8.8.4.4:443" - mockedError := netxlite.NewTopLevelGenericErrWrapper(io.EOF) - addr := newAddr(mockedEndpoint) - conn := newConn(0, mockedError) - saver := NewSaver() - v := 
&SingleNetworkEventValidator{ - ExpectedCount: 0, - ExpectedErr: mockedError, - ExpectedNetwork: "udp", - ExpectedOp: netxlite.WriteToOperation, - ExpectedEpnt: mockedEndpoint, - Saver: saver, - } - buf := make([]byte, 1024) - count, err := saver.WriteTo(conn, buf, addr) - if !errors.Is(err, mockedError) { - t.Fatal("unexpected err", err) - } - if count != 0 { - t.Fatal("invalid count") - } - if err := v.Validate(); err != nil { - t.Fatal(err) - } - }) -} - -func TestSaverReadFrom(t *testing.T) { - // newAddr creates an new net.Addr for testing. - newAddr := func(endpoint string) net.Addr { - return &mocks.Addr{ - MockString: func() string { - return endpoint - }, - MockNetwork: func() string { - return "udp" - }, - } - } - - // newConn is a helper function for creating a new connection. - newConn := func(numBytes int, addr net.Addr, err error) model.UDPLikeConn { - return &mocks.UDPLikeConn{ - MockReadFrom: func(p []byte) (int, net.Addr, error) { - time.Sleep(time.Microsecond) - return numBytes, addr, err - }, - } - } - - t.Run("on success", func(t *testing.T) { - const mockedEndpoint = "8.8.4.4:443" - const mockedNumBytes = 128 - expectedAddr := newAddr(mockedEndpoint) - conn := newConn(mockedNumBytes, expectedAddr, nil) - saver := NewSaver() - v := &SingleNetworkEventValidator{ - ExpectedCount: mockedNumBytes, - ExpectedErr: nil, - ExpectedNetwork: "udp", - ExpectedOp: netxlite.ReadFromOperation, - ExpectedEpnt: mockedEndpoint, - Saver: saver, - } - buf := make([]byte, 1024) - count, addr, err := saver.ReadFrom(conn, buf) - if err != nil { - t.Fatal(err) - } - if expectedAddr.Network() != addr.Network() { - t.Fatal("invalid addr.Network") - } - if expectedAddr.String() != addr.String() { - t.Fatal("invalid addr.String") - } - if count != mockedNumBytes { - t.Fatal("invalid count") - } - if err := v.Validate(); err != nil { - t.Fatal(err) - } - }) - - t.Run("on failure", func(t *testing.T) { - mockedError := netxlite.NewTopLevelGenericErrWrapper(io.EOF) - conn := 
newConn(0, nil, mockedError) - saver := NewSaver() - v := &SingleNetworkEventValidator{ - ExpectedCount: 0, - ExpectedErr: mockedError, - ExpectedNetwork: "udp", - ExpectedOp: netxlite.ReadFromOperation, - ExpectedEpnt: "", - Saver: saver, - } - buf := make([]byte, 1024) - count, addr, err := saver.ReadFrom(conn, buf) - if !errors.Is(err, mockedError) { - t.Fatal(err) - } - if addr != nil { - t.Fatal("invalid addr") - } - if count != 0 { - t.Fatal("invalid count") - } - if err := v.Validate(); err != nil { - t.Fatal(err) - } - }) -} - -func TestSaverQUICDialContext(t *testing.T) { - // newQUICDialer creates a new QUICDialer for testing. - newQUICDialer := func(qconn quic.EarlyConnection, err error) model.QUICDialer { - return &mocks.QUICDialer{ - MockDialContext: func( - ctx context.Context, network, address string, tlsConfig *tls.Config, - quicConfig *quic.Config) (quic.EarlyConnection, error) { - time.Sleep(time.Microsecond) - return qconn, err - }, - } - } - - // newQUICConnection creates a new quic.EarlyConnection for testing. 
- newQUICConnection := func(handshakeComplete context.Context, state tls.ConnectionState) quic.EarlyConnection { - return &mocks.QUICEarlyConnection{ - MockHandshakeComplete: func() context.Context { - return handshakeComplete - }, - MockConnectionState: func() quic.ConnectionState { - return quic.ConnectionState{ - TLS: qtls.ConnectionStateWith0RTT{ - ConnectionState: state, - }, - } - }, - MockCloseWithError: func(code quic.ApplicationErrorCode, reason string) error { - return nil - }, - } - } - - t.Run("on success", func(t *testing.T) { - handshakeCtx := context.Background() - handshakeCtx, handshakeCancel := context.WithCancel(handshakeCtx) - handshakeCancel() // simulate a completed handshake - const expectedNetwork = "udp" - const mockedEndpoint = "8.8.4.4:443" - saver := NewSaver() - var peerCerts [][]byte - ff := &fakefill.Filler{} - ff.Fill(&peerCerts) - if len(peerCerts) < 1 { - t.Fatal("did not fill peerCerts") - } - v := &SingleQUICTLSHandshakeValidator{ - ExpectedALPN: []string{"h3"}, - ExpectedSNI: "dns.google", - ExpectedSkipVerify: true, - // - ExpectedCipherSuite: tls.TLS_AES_128_GCM_SHA256, - ExpectedNegotiatedProtocol: "h3", - ExpectedPeerCerts: peerCerts, - ExpectedVersion: tls.VersionTLS13, - // - ExpectedNetwork: "quic", - ExpectedRemoteAddr: mockedEndpoint, - // - QUICConfig: &quic.Config{}, - // - ExpectedFailure: nil, - Saver: saver, - } - qconn := newQUICConnection(handshakeCtx, v.NewTLSConnectionState()) - dialer := newQUICDialer(qconn, nil) - ctx := context.Background() - qconn, err := saver.QUICDialContext(ctx, dialer, expectedNetwork, - mockedEndpoint, v.NewTLSConfig(), v.QUICConfig) - if err != nil { - t.Fatal(err) - } - if qconn == nil { - t.Fatal("expected nil qconn") - } - qconn.CloseWithError(0, "") - if err := v.Validate(); err != nil { - t.Fatal(err) - } - }) - - t.Run("on other error", func(t *testing.T) { - mockedError := netxlite.NewTopLevelGenericErrWrapper(io.EOF) - const expectedNetwork = "udp" - const mockedEndpoint = 
"8.8.4.4:443" - saver := NewSaver() - v := &SingleQUICTLSHandshakeValidator{ - ExpectedALPN: []string{"h3"}, - ExpectedSNI: "dns.google", - ExpectedSkipVerify: true, - // - ExpectedCipherSuite: 0, - ExpectedNegotiatedProtocol: "", - ExpectedPeerCerts: nil, - ExpectedVersion: 0, - // - ExpectedNetwork: "quic", - ExpectedRemoteAddr: mockedEndpoint, - // - QUICConfig: &quic.Config{}, - // - ExpectedFailure: mockedError, - Saver: saver, - } - dialer := newQUICDialer(nil, mockedError) - ctx := context.Background() - qconn, err := saver.QUICDialContext(ctx, dialer, expectedNetwork, - mockedEndpoint, v.NewTLSConfig(), v.QUICConfig) - if !errors.Is(err, mockedError) { - t.Fatal("unexpected error") - } - if qconn != nil { - t.Fatal("expected nil connection") - } - if err := v.Validate(); err != nil { - t.Fatal(err) - } - }) - - // TODO(bassosimone): here we're not testing the case in which - // the certificate is invalid for the required SNI. - // - // We need first to figure out whether this is what happens - // when we validate for QUIC in such cases. If that's the case - // indeed, then we can write the tests. 
- - t.Run("on x509.HostnameError", func(t *testing.T) { - t.Skip("test not implemented") - }) - - t.Run("on x509.UnknownAuthorityError", func(t *testing.T) { - t.Skip("test not implemented") - }) - - t.Run("on x509.CertificateInvalidError", func(t *testing.T) { - t.Skip("test not implemented") - }) -} - -type SingleQUICTLSHandshakeValidator struct { - // related to the tls.Config - ExpectedALPN []string - ExpectedSNI string - ExpectedSkipVerify bool - - // related to the tls.ConnectionState - ExpectedCipherSuite uint16 - ExpectedNegotiatedProtocol string - ExpectedPeerCerts [][]byte - ExpectedVersion uint16 - - // related to the mocked conn (TLS) / dial params (QUIC) - ExpectedNetwork string - ExpectedRemoteAddr string - - // tells us whether we're using QUIC - QUICConfig *quic.Config - - // other fields - ExpectedFailure error - Saver *Saver -} - -func (v *SingleQUICTLSHandshakeValidator) NewTLSConfig() *tls.Config { - return &tls.Config{ - NextProtos: v.ExpectedALPN, - ServerName: v.ExpectedSNI, - InsecureSkipVerify: v.ExpectedSkipVerify, - } -} - -func (v *SingleQUICTLSHandshakeValidator) NewTLSConnectionState() tls.ConnectionState { - var state tls.ConnectionState - if v.ExpectedCipherSuite != 0 { - state.CipherSuite = v.ExpectedCipherSuite - } - if v.ExpectedNegotiatedProtocol != "" { - state.NegotiatedProtocol = v.ExpectedNegotiatedProtocol - } - for _, cert := range v.ExpectedPeerCerts { - state.PeerCertificates = append(state.PeerCertificates, &x509.Certificate{ - Raw: cert, - }) - } - if v.ExpectedVersion != 0 { - state.Version = v.ExpectedVersion - } - return state -} - -func (v *SingleQUICTLSHandshakeValidator) Validate() error { - trace := v.Saver.MoveOutTrace() - var entries []*QUICTLSHandshakeEvent - if v.QUICConfig != nil { - entries = trace.QUICHandshake - } else { - entries = trace.TLSHandshake - } - if len(entries) != 1 { - return errors.New("expected to see a single entry") - } - entry := entries[0] - if diff := cmp.Diff(entry.ALPN, 
v.ExpectedALPN); diff != "" { - return errors.New(diff) - } - if entry.CipherSuite != netxlite.TLSCipherSuiteString(v.ExpectedCipherSuite) { - return errors.New("unexpected .CipherSuite") - } - if !errors.Is(entry.Failure, v.ExpectedFailure) { - return errors.New("unexpected .Failure") - } - if !entry.Finished.After(entry.Started) { - return errors.New(".Finished is not after .Started") - } - if entry.NegotiatedProto != v.ExpectedNegotiatedProtocol { - return errors.New("unexpected .NegotiatedProto") - } - if entry.Network != v.ExpectedNetwork { - return errors.New("unexpected .Network") - } - if diff := cmp.Diff(entry.PeerCerts, v.ExpectedPeerCerts); diff != "" { - return errors.New("unexpected .PeerCerts") - } - if entry.RemoteAddr != v.ExpectedRemoteAddr { - return errors.New("unexpected .RemoteAddr") - } - if entry.SNI != v.ExpectedSNI { - return errors.New("unexpected .ServerName") - } - if entry.SkipVerify != v.ExpectedSkipVerify { - return errors.New("unexpected .SkipVerify") - } - if entry.TLSVersion != netxlite.TLSVersionString(v.ExpectedVersion) { - return errors.New("unexpected .Version") - } - return nil -} diff --git a/mk b/mk index d4d8ce1230..7af7820f4c 100755 --- a/mk +++ b/mk @@ -64,7 +64,7 @@ GOLANG_EXTRA_FLAGS = #help: #help: * GOLANG_VERSION_NUMBER : the expected version number for golang. -GOLANG_VERSION_NUMBER = 1.17.10 +GOLANG_VERSION_NUMBER = 1.18.2 #help: #help: * MINGW_W64_VERSION : the expected mingw-w64 version. @@ -72,7 +72,7 @@ MINGW_W64_VERSION = 10.3.1 #help: #help: * OONIGO_BRANCH : the github.com/ooni/go branch to use. -OONIGO_BRANCH = oonigo1.17.10 +OONIGO_BRANCH = oonigo1.18.2 #help: #help: * OONI_PSIPHON_TAGS : build tags for `go build -tags ...` that cause