add test for TLS version selection

Since rustls does not even support TLS versions below 1.2, no need to check for that.
2026-03-25 09:05:50 +00:00 · 2021-02-25 17:31:24 +01:00 · 2021-02-25 17:31:24 +01:00 · 8a6eb65b48
commit 8a6eb65b48
parent 8b4692b08b
3 changed files with 24 additions and 0 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -19,6 +19,7 @@ dependencies = [
 "tokio",
 "tokio-rustls",
 "url",
+ "webpki",
 ]

 [[package]]
--- a/Cargo.toml
+++ b/Cargo.toml
@ -29,6 +29,7 @@ configparser = "2.0"
 assert_cmd = "1.0"
 gemini-fetch = { version = "0.2.1", git = "https://github.com/Johann150/gemini-fetch.git" }
 anyhow = "1.0"
+webpki = "0.21.4"

 [profile.release]
 lto = true
--- a/tests/tests.rs
+++ b/tests/tests.rs
@ -254,3 +254,25 @@ fn serve_secret() {

    assert_eq!(page.header.status, Status::Success);
 }
+
+#[test]
+#[should_panic(expected = "AlertReceived(ProtocolVersion)")]
+fn explicit_tls_version() {
+    use rustls::{ClientSession, ProtocolVersion};
+    use std::io::Read;
+    use std::net::TcpStream;
+
+    let _server = Server::new(&["--addr", "[::]:1976", "-3"]);
+
+    let mut config = rustls::ClientConfig::new();
+    // try to connect using only TLS 1.2
+    config.versions = vec![ProtocolVersion::TLSv1_2];
+
+    let dns_name = webpki::DNSNameRef::try_from_ascii_str("localhost").unwrap();
+    let mut session = ClientSession::new(&std::sync::Arc::new(config), dns_name);
+    let mut tcp = TcpStream::connect(addr(1976)).unwrap();
+    let mut tls = rustls::Stream::new(&mut session, &mut tcp);
+
+    let mut buf = [0; 10];
+    tls.read(&mut buf).unwrap();
+}