diff options
| author |   jsing <jsing@openbsd.org> | 2019-11-02 13:56:17 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2019-11-02 13:56:17 +0000 |
| commit | b97dc7d27f21f910eab2dd4e454fe6182e950e87 (patch) | |
| tree | dda963d542750b0b605a23875aaf3f06e320ec7e /regress/lib/libtls | |
| parent | Disable test-tal since it currently fails to build. (diff) | |
| download | wireguard-openbsd-b97dc7d27f21f910eab2dd4e454fe6182e950e87.tar.xz wireguard-openbsd-b97dc7d27f21f910eab2dd4e454fe6182e950e87.zip | |
Add tls_conn_cipher_strength() to gotls regress.
Diffstat (limited to 'regress/lib/libtls')
| -rw-r--r-- | regress/lib/libtls/gotls/tls.go | 10 | ||||
| -rw-r--r-- | regress/lib/libtls/gotls/tls_test.go | 12 |
2 files changed, 20 insertions, 2 deletions
diff --git a/regress/lib/libtls/gotls/tls.go b/regress/lib/libtls/gotls/tls.go index be75e71f4fb..dbd3b717b06 100644 --- a/regress/lib/libtls/gotls/tls.go +++ b/regress/lib/libtls/gotls/tls.go @@ -256,6 +256,16 @@ func (t *TLS) ConnCipher() (string, error) { return C.GoString(cipher), nil } +// ConnCipherStrength returns the strength in bits for the symmetric +// cipher that is used for the connection. +func (t *TLS) ConnCipherStrength() (int, error) { + strength := C.tls_conn_cipher_strength(t.ctx) + if strength == 0 { + return 0, errors.New("no connection cipher strength") + } + return int(strength), nil +} + // Connect attempts to establish an TLS connection to the specified host on // the given port. The host may optionally contain a colon separated port // value if the port string is specified as an empty string. diff --git a/regress/lib/libtls/gotls/tls_test.go b/regress/lib/libtls/gotls/tls_test.go index 077dd86e82c..1a9f62eff8f 100644 --- a/regress/lib/libtls/gotls/tls_test.go +++ b/regress/lib/libtls/gotls/tls_test.go @@ -336,6 +336,9 @@ func TestTLSInfo(t *testing.T) { if _, err := tls.ConnCipher(); err == nil { t.Error("ConnCipher() return nil error, want error") } + if _, err := tls.ConnCipherStrength(); err == nil { + t.Error("ConnCipherStrength() return nil error, want error") + } if got, want := tls.PeerCertProvided(), false; got != want { t.Errorf("PeerCertProvided() = %v, want %v", got, want) @@ -368,15 +371,20 @@ func TestTLSInfo(t *testing.T) { } if version, err := tls.ConnVersion(); err != nil { - t.Errorf("ConnVersion() return error: %v", err) + t.Errorf("ConnVersion() returned error: %v", err) } else { t.Logf("Protocol version: %v", version) } if cipher, err := tls.ConnCipher(); err != nil { - t.Errorf("ConnCipher() return error: %v", err) + t.Errorf("ConnCipher() returned error: %v", err) } else { t.Logf("Cipher: %v", cipher) } + if strength, err := tls.ConnCipherStrength(); err != nil { + t.Errorf("ConnCipherStrength() return ederror: %v", err) + } else { + t.Logf("Cipher Strength: %v bits", strength) + } if got, want := tls.PeerCertProvided(), true; got != want { t.Errorf("PeerCertProvided() = %v, want %v", got, want) |