TLS example fixes

gavv · gavv · commit 561d43e96bee · 2025-03-03T01:50:39.000+09:00
- update certs
- don't use testify in examples
- update README
diff --git a/README.md b/README.md
@@ -130,6 +130,10 @@ See [`_examples`](_examples) directory for complete standalone examples.
 
     Testing a WebSocket server based on [`gorilla/websocket`](https://github.com/gorilla/websocket). Tests invoke the `http.Handler` or `fasthttp.RequestHandler` directly.
 
+* [`tls_test.go`](_examples/tls_test.go)
+
+  Testing a TLS server made with `net/http` and `crypto/tls`
+
 * [`oauth2_test.go`](_examples/oauth2_test.go)
 
   Testing a OAuth2 server with [`oauth2`](https://github.com/go-oauth2/oauth2/).
@@ -142,10 +146,6 @@ See [`_examples`](_examples) directory for complete standalone examples.
 
     Testing with custom formatter for assertion messages.
 
-* [`tls_test.go`](_examples/tls_test.go)
-
-    Testing a tls server made with `net/http` and `crypto/tls`
-
 ## Quick start
 
 ##### Hello, world!
diff --git a/_examples/tls.go b/_examples/tls.go
@@ -11,24 +11,92 @@ import (
 	"strconv"
 )
 
+/*
+openssl ecparam -genkey -name secp384r1 -noout -out root.key
+
+	openssl req -x509 -new -nodes -key root.key -sha256 -days 99999 -out root.pem \
+		-subj "/C=US/ST=Default/L=Default/O=Default/OU=Root CA/CN=Root CA"
+
+cat root.pem
+*/
+const rootPEM = `-----BEGIN CERTIFICATE-----
+MIICYjCCAeigAwIBAgIUI0z85tUs0+AkSxegGbR8FIhDlLwwCgYIKoZIzj0EAwIw
+ZzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0RlZmF1bHQxEDAOBgNVBAcMB0RlZmF1
+bHQxEDAOBgNVBAoMB0RlZmF1bHQxEDAOBgNVBAsMB1Jvb3QgQ0ExEDAOBgNVBAMM
+B1Jvb3QgQ0EwIBcNMjUwMzAyMTYyNzU4WhgPMjI5ODEyMTUxNjI3NThaMGcxCzAJ
+BgNVBAYTAlVTMRAwDgYDVQQIDAdEZWZhdWx0MRAwDgYDVQQHDAdEZWZhdWx0MRAw
+DgYDVQQKDAdEZWZhdWx0MRAwDgYDVQQLDAdSb290IENBMRAwDgYDVQQDDAdSb290
+IENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAErFzNSZjpYSDSltw59xWyJ4qWmhof
+e0idFvpU5IR/ESQCH2XLCB7pCPipcaMle6uXkBgLmDnlfx9uEjDyPCoH8/kzO9jU
+LxmP5qs6COOvp/te3NNtJ5d61YVsFvJtOV63o1MwUTAdBgNVHQ4EFgQU8QzxNU1Y
+Un8xwId7x+kw4+XSpMswHwYDVR0jBBgwFoAU8QzxNU1YUn8xwId7x+kw4+XSpMsw
+DwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNoADBlAjEA8G1boeaHX38AHHTo
+1HY40uz7xMw4iO6fyQ4oVgcpAc/gTFy+dLK1ZTcf6cSeabi8AjBxIpXixwrljDz+
+PpT7MUaOkjIOB/oL4saF83iwjFOp3iHQ0JKrK8/agyHcQVac4vU=
+-----END CERTIFICATE-----`
+
+/*
+openssl ecparam -genkey -name secp384r1 -noout -out server.key
+cat server.key
+*/
+const keyPEM = `-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDDTT/qNszAfIQFRv9y34x1RgM3hFVAp5U3a/btjYqEgqxYk8kvUGlFr
++qEprddwNqCgBwYFK4EEACKhZANiAARiOW9fjG7w3oscwVgIV09b4j8OeHZU0Zm7
+tZETBGwIzFBiYfYkJZsdqd7xItm2NI9pIwUN1IOUaMWj04pt4QPimRF9595dsQRR
+QBi1vJGmGpbzVQMrdPX76841f7ijjMk=
+-----END EC PRIVATE KEY-----`
+
+/*
+cat >san.cnf <<-EOF
+[req]
+req_extensions = req_ext
+distinguished_name = dn
+
+[dn]
+C = US
+ST = Default
+L = Default
+O = Default
+OU = Server
+CN = localhost
+
+[req_ext]
+subjectAltName = @alt_names
+
+[alt_names]
+IP.1 = 127.0.0.1
+EOF
+
+	openssl req -new -key server.key -out server.csr -config san.cnf \
+		-subj "/C=US/ST=Default/L=Default/O=Default/OU=Root CA/CN=Root CA"
+
+	openssl x509 -req -in server.csr -CA root.pem -CAkey root.key -CAcreateserial \
+		-out server.crt -days 99999 -sha256 -extensions req_ext -extfile san.cnf
+
+cat server.crt
+*/
+const certPEP = `-----BEGIN CERTIFICATE-----
+MIICYzCCAeigAwIBAgIUWwtxD72tzDuOZhszd51AVmuZpswwCgYIKoZIzj0EAwIw
+ZzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0RlZmF1bHQxEDAOBgNVBAcMB0RlZmF1
+bHQxEDAOBgNVBAoMB0RlZmF1bHQxEDAOBgNVBAsMB1Jvb3QgQ0ExEDAOBgNVBAMM
+B1Jvb3QgQ0EwIBcNMjUwMzAyMTY0NTQzWhgPMjI5ODEyMTUxNjQ1NDNaMGcxCzAJ
+BgNVBAYTAlVTMRAwDgYDVQQIDAdEZWZhdWx0MRAwDgYDVQQHDAdEZWZhdWx0MRAw
+DgYDVQQKDAdEZWZhdWx0MRAwDgYDVQQLDAdSb290IENBMRAwDgYDVQQDDAdSb290
+IENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEYjlvX4xu8N6LHMFYCFdPW+I/Dnh2
+VNGZu7WREwRsCMxQYmH2JCWbHane8SLZtjSPaSMFDdSDlGjFo9OKbeED4pkRfefe
+XbEEUUAYtbyRphqW81UDK3T1++vONX+4o4zJo1MwUTAPBgNVHREECDAGhwR/AAAB
+MB0GA1UdDgQWBBRmxPMxdBiiNpML14s8SWKQCOuLZjAfBgNVHSMEGDAWgBTxDPE1
+TVhSfzHAh3vH6TDj5dKkyzAKBggqhkjOPQQDAgNpADBmAjEAy0Bq3IU8jXkfz6be
+QwmYr+tqdBUnWpSwvIgySTU7nF1qT8CUF1Nq/xKbl1FQfFy9AjEA4ni6pxNc4v7a
+yaCpOxVFyMz6wFOdTdWBBR4MFNi/HsAcSGMvSIPM+PMYdFc0FmN3
+-----END CERTIFICATE-----`
+
 // NewRootCertPool creates a new custom root-certificate set.
 //
 // In this example, it's used so that the server's certificates are trusted.
 // In real world use it's better to omit this in order to use the
 // default root set of the current operating system.
 func NewRootCertPool() *x509.CertPool {
-	const rootPEM = `
------BEGIN CERTIFICATE-----
-MIIBUzCB+6ADAgECAgEBMAoGCCqGSM49BAMCMBIxEDAOBgNVBAoTB1Rlc3QgQ0Ew
-HhcNMjMxMTEzMTIyNTEzWhcNMjQwNTExMTIyNTEzWjASMRAwDgYDVQQKEwdUZXN0
-IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHBm1CiEs4CKw0ynUlzaTz9Pi
-ROnBwosfX3xYIEz5l1rN119FEJLWQFx8xBASkpZDz+Eehw9QdPaqwapDKGVgbaNC
-MEAwDgYDVR0PAQH/BAQDAgIEMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFExX
-luCP8Bp73F1L7UuFCM/NFgPkMAoGCCqGSM49BAMCA0cAMEQCIFLFQRgIUbjzA0c1
-Pennq6gP/WiJpppZPQq5IYR4V7BfAiBVoGh+32UOJ13YYO8HsL/6P7KIwZKXkJpJ
-LoibTriVMg==
------END CERTIFICATE-----
-`
 	roots := x509.NewCertPool()
 	ok := roots.AppendCertsFromPEM([]byte(rootPEM))
 	if !ok {
@@ -39,24 +107,7 @@ LoibTriVMg==
 
 // ExampleTLSServer creates a httptest.Server with hardcoded key pair.
 func ExampleTLSServer() *httptest.Server {
-	certPem := []byte(`-----BEGIN CERTIFICATE-----
-MIIBbDCCARKgAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQKEwdUZXN0IENB
-MB4XDTIzMTExMzEyMjUxN1oXDTI0MDUxMTEyMjUxN1owEjEQMA4GA1UEChMHQWNt
-ZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEvlkPnSh5jYMD4MSkjJH7HW
-iDR/UnqIJrI3nV0FTotWly0z3nMy0FCM1VxyGJc8HcKi2KPIaQmVF2sYCLwu8xuj
-WTBXMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAfBgNVHSME
-GDAWgBRMV5bgj/Aae9xdS+1LhQjPzRYD5DAPBgNVHREECDAGhwR/AAABMAoGCCqG
-SM49BAMCA0gAMEUCIQDHQVvWrOvagkYT9/qeSZ7xUwTTWiRfvWmlCgLf5NXu7AIg
-ea/Q6OcG41k25PXVn3VRLRBEfSFIsuJzTyTNXCHx8vY=
------END CERTIFICATE-----`)
-
-	keyPem := []byte(`-----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIHHIE/n9wJI/dm1vnwhd8Jm/Wi04R+m8wYfUnkCFu4QnoAoGCCqGSM49
-AwEHoUQDQgAES+WQ+dKHmNgwPgxKSMkfsdaINH9SeogmsjedXQVOi1aXLTPeczLQ
-UIzVXHIYlzwdwqLYo8hpCZUXaxgIvC7zGw==
------END EC PRIVATE KEY-----`)
-
-	cert, err := tls.X509KeyPair(certPem, keyPem)
+	cert, err := tls.X509KeyPair([]byte(certPEP), []byte(keyPEM))
 	if err != nil {
 		log.Fatal(err)
 	}
diff --git a/_examples/tls_test.go b/_examples/tls_test.go
@@ -2,11 +2,11 @@ package examples
 
 import (
 	"crypto/tls"
-	"github.com/gavv/httpexpect/v2"
-	"github.com/stretchr/testify/assert"
 	"net/http"
 	"strconv"
 	"testing"
+
+	"github.com/gavv/httpexpect/v2"
 )
 
 func TLSClient() *http.Client {
@@ -15,8 +15,7 @@ func TLSClient() *http.Client {
 }
 
 func TestExampleTlsServer(t *testing.T) {
-
-	server := ExampleTLSServer() // ExampleTlsServer()
+	server := ExampleTLSServer()
 	server.StartTLS()
 	defer server.Close()
 
@@ -84,7 +83,8 @@ func TestExampleTlsServer(t *testing.T) {
 	r.JSON().Decode(&m)
 
 	for item, amount := range m {
-		assert.Equal(t, amount, items[item])
+		if amount != items[item] {
+			t.Fail()
+		}
 	}
-
 }
