feat: Add more TLS tests to the test suite #26324
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This adds a test that will panic on server startup because connections to said server are invalid. We add a bad expired cert to our cert generation for usage in our tests. Note that this test is only really valid if other tests pass as it depends on waiting for the server start checks to fail. If other tests run then their server started fine and so did this one, the only difference being that connections will error due to a bad tls cert. Closes #26256
This is a follow on to #26307. In this commit we add a test where we check that connections only pass if TLS is set to v1.3. The default is 1.2 and other tests connect with that just fine. In this test we spin up a server using only v1.3 as the minimum and try to connect with v1.2 which we expect to fail and then v1.3 which should pass. Closes #26308
hiltontj
approved these changes
Apr 24, 2025
hiltontj
pushed a commit
that referenced
this pull request
May 2, 2025
* feat: Add a negative cert test This adds a test that will panic on server startup because connections to said server are invalid. We add a bad expired cert to our cert generation for usage in our tests. Note that this test is only really valid if other tests pass as it depends on waiting for the server start checks to fail. If other tests run then their server started fine and so did this one, the only difference being that connections will error due to a bad tls cert. Closes #26256 * feat: Add minimum TLS version test This is a follow on to #26307. In this commit we add a test where we check that connections only pass if TLS is set to v1.3. The default is 1.2 and other tests connect with that just fine. In this test we spin up a server using only v1.3 as the minimum and try to connect with v1.2 which we expect to fail and then v1.3 which should pass. Closes #26308
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
feat: Add a negative cert test
This adds a test that will panic on server startup because connections
to said server are invalid. We add a bad expired cert to our cert
generation for usage in our tests.
Note that this test is only really valid if other tests pass as it
depends on waiting for the server start checks to fail. If other
tests run then their server started fine and so did this one, the
only difference being that connections will error due to a bad tls cert.
Closes #26256
feat: Add minimum TLS version test
This is a follow on to #26307. In this commit we add a test where we
check that connections only pass if TLS is set to v1.3. The default is
1.2 and other tests connect with that just fine. In this test we spin
up a server using only v1.3 as the minimum and try to connect with v1.2
which we expect to fail and then v1.3 which should pass.
Closes #26308