Add fasthttp.GenerateTestCertificate and use in tests

Remove ssl-cert-snakeoil so our tests don't fail in 2025.

client_test.go

@@ -449,12 +449,16 @@ func testClientRedirectListener(t *testing.T, isTLS bool) net.Listener {
 	var tlsConfig *tls.Config
 
 	if isTLS {
-		certFile := "./ssl-cert-snakeoil.pem"
-		keyFile := "./ssl-cert-snakeoil.key"
-		cert, err1 := tls.LoadX509KeyPair(certFile, keyFile)
-		if err1 != nil {
-			t.Fatalf("Cannot load TLS certificate: %s", err1)
+		certData, keyData, kerr := GenerateTestCertificate("localhost")
+		if kerr != nil {
+			t.Fatal(kerr)
 		}
+
+		cert, kerr := tls.X509KeyPair(certData, keyData)
+		if kerr != nil {
+			t.Fatal(kerr)
+		}
+
 		tlsConfig = &tls.Config{
 			Certificates: []tls.Certificate{cert},
 		}
@@ -2251,12 +2255,16 @@ func startEchoServerExt(t *testing.T, network, addr string, isTLS bool) *testEch
 	var ln net.Listener
 	var err error
 	if isTLS {
-		certFile := "./ssl-cert-snakeoil.pem"
-		keyFile := "./ssl-cert-snakeoil.key"
-		cert, err1 := tls.LoadX509KeyPair(certFile, keyFile)
-		if err1 != nil {
-			t.Fatalf("Cannot load TLS certificate: %s", err1)
+		certData, keyData, kerr := GenerateTestCertificate("localhost")
+		if kerr != nil {
+			t.Fatal(kerr)
 		}
+
+		cert, kerr := tls.X509KeyPair(certData, keyData)
+		if kerr != nil {
+			t.Fatal(kerr)
+		}
+
 		tlsConfig := &tls.Config{
 			Certificates: []tls.Certificate{cert},
 		}

examples/fileserver/fileserver.go

@@ -17,11 +17,11 @@ var (
 	addr               = flag.String("addr", "localhost:8080", "TCP address to listen to")
 	addrTLS            = flag.String("addrTLS", "", "TCP address to listen to TLS (aka SSL or HTTPS) requests. Leave empty for disabling TLS")
 	byteRange          = flag.Bool("byteRange", false, "Enables byte range requests if set to true")
-	certFile           = flag.String("certFile", "./ssl-cert-snakeoil.pem", "Path to TLS certificate file")
+	certFile           = flag.String("certFile", "./ssl-cert.pem", "Path to TLS certificate file")
 	compress           = flag.Bool("compress", false, "Enables transparent response compression if set to true")
 	dir                = flag.String("dir", "/usr/share/nginx/html", "Directory to serve static files from")
 	generateIndexPages = flag.Bool("generateIndexPages", true, "Whether to generate directory index pages")
-	keyFile            = flag.String("keyFile", "./ssl-cert-snakeoil.key", "Path to TLS key file")
+	keyFile            = flag.String("keyFile", "./ssl-cert.key", "Path to TLS key file")
 	vhost              = flag.Bool("vhost", false, "Enables virtual hosting by prepending the requested path with the requested hostname")
 )
 

examples/multidomain/multidomain.go

@@ -1,14 +1,7 @@
 package main
 
 import (
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"encoding/pem"
 	"fmt"
-	"math/big"
-	"time"
 
 	"github.com/valyala/fasthttp"
 )
@@ -39,7 +32,7 @@ func main() {
 	}
 
 	// preparing first host
-	cert, priv, err := GenerateCert("localhost:8080")
+	cert, priv, err := fasthttp.GenerateTestCertificate("localhost:8080")
 	if err != nil {
 		panic(err)
 	}
@@ -53,7 +46,7 @@ func main() {
 	}
 
 	// preparing second host
-	cert, priv, err = GenerateCert("127.0.0.1")
+	cert, priv, err = fasthttp.GenerateTestCertificate("127.0.0.1")
 	if err != nil {
 		panic(err)
 	}
@@ -68,52 +61,3 @@ func main() {
 
 	fmt.Println(server.ListenAndServeTLS(":8080", "", ""))
 }
-
-// GenerateCert generates certificate and private key based on the given host.
-func GenerateCert(host string) ([]byte, []byte, error) {
-	priv, err := rsa.GenerateKey(rand.Reader, 2048)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
-	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	cert := &x509.Certificate{
-		SerialNumber: serialNumber,
-		Subject: pkix.Name{
-			Organization: []string{"I have your data"},
-		},
-		NotBefore:             time.Now(),
-		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
-		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
-		SignatureAlgorithm:    x509.SHA256WithRSA,
-		DNSNames:              []string{host},
-		BasicConstraintsValid: true,
-		IsCA:                  true,
-	}
-
-	certBytes, err := x509.CreateCertificate(
-		rand.Reader, cert, cert, &priv.PublicKey, priv,
-	)
-
-	p := pem.EncodeToMemory(
-		&pem.Block{
-			Type:  "PRIVATE KEY",
-			Bytes: x509.MarshalPKCS1PrivateKey(priv),
-		},
-	)
-
-	b := pem.EncodeToMemory(
-		&pem.Block{
-			Type:  "CERTIFICATE",
-			Bytes: certBytes,
-		},
-	)
-
-	return b, p, err
-}

server_test.go

@@ -898,16 +898,18 @@ func TestServerTLS(t *testing.T) {
 	text := []byte("Make fasthttp great again")
 	ln := fasthttputil.NewInmemoryListener()
 
-	certFile := "./ssl-cert-snakeoil.pem"
-	keyFile := "./ssl-cert-snakeoil.key"
-
 	s := &Server{
 		Handler: func(ctx *RequestCtx) {
 			ctx.Write(text) //nolint:errcheck
 		},
 	}
 
-	err := s.AppendCert(certFile, keyFile)
+	certData, keyData, err := GenerateTestCertificate("localhost")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = s.AppendCertEmbed(certData, keyData)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -945,17 +947,19 @@ func TestServerTLSReadTimeout(t *testing.T) {
 
 	ln := fasthttputil.NewInmemoryListener()
 
-	certFile := "./ssl-cert-snakeoil.pem"
-	keyFile := "./ssl-cert-snakeoil.key"
-
 	s := &Server{
 		ReadTimeout: time.Millisecond * 100,
 		Logger:      &testLogger{}, // Ignore log output.
 		Handler: func(ctx *RequestCtx) {
 		},
 	}
 
-	err := s.AppendCert(certFile, keyFile)
+	certData, keyData, err := GenerateTestCertificate("localhost")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = s.AppendCertEmbed(certData, keyData)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -995,16 +999,9 @@ func TestServerServeTLSEmbed(t *testing.T) {
 
 	ln := fasthttputil.NewInmemoryListener()
 
-	certFile := "./ssl-cert-snakeoil.pem"
-	keyFile := "./ssl-cert-snakeoil.key"
-
-	certData, err := ioutil.ReadFile(certFile)
+	certData, keyData, err := GenerateTestCertificate("localhost")
 	if err != nil {
-		t.Fatalf("unexpected error when reading %q: %s", certFile, err)
-	}
-	keyData, err := ioutil.ReadFile(keyFile)
-	if err != nil {
-		t.Fatalf("unexpected error when reading %q: %s", keyFile, err)
+		t.Fatal(err)
 	}
 
 	// start the server

tls.go

@@ -0,0 +1,60 @@
+package fasthttp
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"math/big"
+	"time"
+)
+
+// GenerateTestCertificate generates a test certificate and private key based on the given host.
+func GenerateTestCertificate(host string) ([]byte, []byte, error) {
+	priv, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	cert := &x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject: pkix.Name{
+			Organization: []string{"fasthttp test"},
+		},
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
+		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
+		SignatureAlgorithm:    x509.SHA256WithRSA,
+		DNSNames:              []string{host},
+		BasicConstraintsValid: true,
+		IsCA:                  true,
+	}
+
+	certBytes, err := x509.CreateCertificate(
+		rand.Reader, cert, cert, &priv.PublicKey, priv,
+	)
+
+	p := pem.EncodeToMemory(
+		&pem.Block{
+			Type:  "PRIVATE KEY",
+			Bytes: x509.MarshalPKCS1PrivateKey(priv),
+		},
+	)
+
+	b := pem.EncodeToMemory(
+		&pem.Block{
+			Type:  "CERTIFICATE",
+			Bytes: certBytes,
+		},
+	)
+
+	return b, p, err
+}