Handle broken TLS conf better

Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com> Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-12-06 18:28:05 +01:00 · 2022-12-06 18:28:05 +01:00 · 7e3fe48b80
commit 7e3fe48b80
parent 778188ed34
11 changed files with 404 additions and 159 deletions
--- a/pkg/tls/tlsmanager_test.go
+++ b/pkg/tls/tlsmanager_test.go
@ -119,8 +119,9 @@ func TestManager_Get(t *testing.T) {
 	}}

 	tlsConfigs := map[string]Options{
-		"foo": {MinVersion: "VersionTLS12"},
-		"bar": {MinVersion: "VersionTLS11"},
+		"foo":     {MinVersion: "VersionTLS12"},
+		"bar":     {MinVersion: "VersionTLS11"},
+		"invalid": {CurvePreferences: []string{"42"}},
 	}

 	testCases := []struct {
@ -140,15 +141,20 @@ func TestManager_Get(t *testing.T) {
 			expectedMinVersion: uint16(tls.VersionTLS11),
 		},
 		{
-			desc:           "Get an tls config from an invalid name",
+			desc:           "Get a tls config from an invalid name",
 			tlsOptionsName: "unknown",
 			expectedError:  true,
 		},
 		{
-			desc:           "Get an tls config from unexisting 'default' name",
+			desc:           "Get a tls config from unexisting 'default' name",
 			tlsOptionsName: "default",
 			expectedError:  true,
 		},
+		{
+			desc:           "Get an invalid tls config",
+			tlsOptionsName: "invalid",
+			expectedError:  true,
+		},
 	}

 	tlsManager := NewManager()
@ -161,42 +167,13 @@ func TestManager_Get(t *testing.T) {

 			config, err := tlsManager.Get("default", test.tlsOptionsName)
 			if test.expectedError {
-				assert.Error(t, err)
+				require.Nil(t, config)
+				require.Error(t, err)
 				return
 			}

-			assert.NoError(t, err)
-			assert.Equal(t, config.MinVersion, test.expectedMinVersion)
-		})
-	}
-}
-
-func TestManager_Get_GetCertificate(t *testing.T) {
-	testCases := []struct {
-		desc                 string
-		expectedGetConfigErr require.ErrorAssertionFunc
-		expectedCertificate  assert.ValueAssertionFunc
-	}{
-		{
-			desc:                 "Get a default certificate from non-existing store",
-			expectedGetConfigErr: require.Error,
-			expectedCertificate:  assert.Nil,
-		},
-	}
-
-	tlsManager := NewManager()
-
-	for _, test := range testCases {
-		test := test
-		t.Run(test.desc, func(t *testing.T) {
-			t.Parallel()
-
-			config, err := tlsManager.Get("default", "foo")
-			test.expectedGetConfigErr(t, err)
-
-			certificate, err := config.GetCertificate(&tls.ClientHelloInfo{})
 			require.NoError(t, err)
-			test.expectedCertificate(t, certificate)
+			assert.Equal(t, config.MinVersion, test.expectedMinVersion)
 		})
 	}
 }