merge master

security/advancedtls/advancedtls.go

@@ -277,7 +277,13 @@ func (o *ClientOptions) config() (*tls.Config, error) {
 	if o.VerifyPeer != nil {
 		o.AdditionalPeerVerification = o.VerifyPeer
 	}
-	if o.VType == SkipVerification && o.AdditionalPeerVerification == nil {
+	// TODO(gtcooke94). VType is deprecated, eventually remove this block. This
+	// will ensure that users still explicitly setting `VType` will get the
+	// setting to the right place.
+	if o.VType != CertAndHostVerification {
+		o.VerificationType = o.VType
+	}
+	if o.VerificationType == SkipVerification && o.AdditionalPeerVerification == nil {
 		return nil, fmt.Errorf("client needs to provide custom verification mechanism if choose to skip default verification")
 	}
 	// Make sure users didn't specify more than one fields in
@@ -358,7 +364,13 @@ func (o *ServerOptions) config() (*tls.Config, error) {
 	if o.VerifyPeer != nil {
 		o.AdditionalPeerVerification = o.VerifyPeer
 	}
-	if o.RequireClientCert && o.VType == SkipVerification && o.AdditionalPeerVerification == nil {
+	// TODO(gtcooke94). VType is deprecated, eventually remove this block. This
+	// will ensure that users still explicitly setting `VType` will get the
+	// setting to the right place.
+	if o.VType != CertAndHostVerification {
+		o.VerificationType = o.VType
+	}
+	if o.RequireClientCert && o.VerificationType == SkipVerification && o.AdditionalPeerVerification == nil {
 		return nil, fmt.Errorf("server needs to provide custom verification mechanism if choose to skip default verification, but require client certificate(s)")
 	}
 	// Make sure users didn't specify more than one fields in
@@ -634,7 +646,7 @@ func NewClientCreds(o *ClientOptions) (credentials.TransportCredentials, error)
 		isClient:         true,
 		getRootCAs:       o.RootOptions.GetRootCertificates,
 		verifyFunc:       o.AdditionalPeerVerification,
-		vType:            o.VType,
+		verificationType: o.VerificationType,
 		revocationConfig: o.RevocationConfig,
 	}
 	tc.config.NextProtos = credinternal.AppendH2ToNextProtos(tc.config.NextProtos)
@@ -653,7 +665,7 @@ func NewServerCreds(o *ServerOptions) (credentials.TransportCredentials, error)
 		isClient:         false,
 		getRootCAs:       o.RootOptions.GetRootCertificates,
 		verifyFunc:       o.AdditionalPeerVerification,
-		vType:            o.VType,
+		verificationType: o.VerificationType,
 		revocationConfig: o.RevocationConfig,
 	}
 	tc.config.NextProtos = credinternal.AppendH2ToNextProtos(tc.config.NextProtos)

security/advancedtls/advancedtls_integration_test.go

@@ -138,19 +138,34 @@ func (s) TestEnd2End(t *testing.T) {
 	}
 	stage := &stageInfo{}
 	for _, test := range []struct {
+<<<<<<< HEAD
 		desc             string
 		clientCert       []tls.Certificate
 		clientGetCert    func(*tls.CertificateRequestInfo) (*tls.Certificate, error)
 		clientRoot       *x509.CertPool
 		clientGetRoot    func(params *GetRootCAsParams) (*GetRootCAsResults, error)
 		clientVerifyFunc PostHandshakeVerificationFunc
-		clientVType      VerificationType
+		clientVerificationType VerificationType
 		serverCert       []tls.Certificate
 		serverGetCert    func(*tls.ClientHelloInfo) ([]*tls.Certificate, error)
 		serverRoot       *x509.CertPool
 		serverGetRoot    func(params *GetRootCAsParams) (*GetRootCAsResults, error)
 		serverVerifyFunc PostHandshakeVerificationFunc
 		serverVType      VerificationType
+		serverVerificationType VerificationType
+=======
+		desc                   string
+		clientCert             []tls.Certificate
+		clientGetCert          func(*tls.CertificateRequestInfo) (*tls.Certificate, error)
+		clientRoot             *x509.CertPool
+		clientGetRoot          func(params *GetRootCAsParams) (*GetRootCAsResults, error)
+		clientVerifyFunc       CustomVerificationFunc
+		serverCert             []tls.Certificate
+		serverGetCert          func(*tls.ClientHelloInfo) ([]*tls.Certificate, error)
+		serverRoot             *x509.CertPool
+		serverGetRoot          func(params *GetRootCAsParams) (*GetRootCAsResults, error)
+		serverVerifyFunc       CustomVerificationFunc
+>>>>>>> master
 	}{
 		// Test Scenarios:
 		// At initialization(stage = 0), client will be initialized with cert
@@ -317,9 +332,10 @@ func (s) TestEnd2End(t *testing.T) {
 			clientVerifyFunc: func(params *HandshakeVerificationInfo) (*PostHandshakeVerificationResults, error) {
 				return &PostHandshakeVerificationResults{}, nil
 			},
-			clientVType: CertVerification,
-			serverCert:  []tls.Certificate{cs.ServerCert1},
-			serverRoot:  cs.ServerTrust1,
+			clientVerificationType: CertVerification,
+			serverCert:             []tls.Certificate{cs.ServerCert1},
+			serverRoot:             cs.ServerTrust1,
+			serverVerifyFunc: func(params *VerificationFuncParams) (*VerificationResults, error) {
 			serverVerifyFunc: func(params *HandshakeVerificationInfo) (*PostHandshakeVerificationResults, error) {
 				switch stage.read() {
 				case 0, 2:
@@ -347,7 +363,7 @@ func (s) TestEnd2End(t *testing.T) {
 				},
 				RequireClientCert:          true,
 				AdditionalPeerVerification: test.serverVerifyFunc,
-				VType:                      test.serverVType,
+				VerificationType:  test.serverVerificationType,
 			}
 			serverTLSCreds, err := NewServerCreds(serverOptions)
 			if err != nil {

security/advancedtls/advancedtls_test.go

@@ -432,7 +432,7 @@ func (s) TestClientServerHandshake(t *testing.T) {
 		clientRoot                 *x509.CertPool
 		clientGetRoot              func(params *GetRootCAsParams) (*GetRootCAsResults, error)
 		clientVerifyFunc           PostHandshakeVerificationFunc
-		clientVType                VerificationType
+		clientVerificationType     VerificationType
 		clientRootProvider         certprovider.Provider
 		clientIdentityProvider     certprovider.Provider
 		clientRevocationConfig     *RevocationConfig
@@ -443,7 +443,7 @@ func (s) TestClientServerHandshake(t *testing.T) {
 		serverRoot                 *x509.CertPool
 		serverGetRoot              func(params *GetRootCAsParams) (*GetRootCAsResults, error)
 		serverVerifyFunc           PostHandshakeVerificationFunc
-		serverVType                VerificationType
+		serverVerificationType     VerificationType
 		serverRootProvider         certprovider.Provider
 		serverIdentityProvider     certprovider.Provider
 		serverRevocationConfig     *RevocationConfig
@@ -824,7 +824,7 @@ func (s) TestClientServerHandshake(t *testing.T) {
 				},
 				RequireClientCert:          test.serverMutualTLS,
 				AdditionalPeerVerification: test.serverVerifyFunc,
-				VType:                      test.serverVType,
+				VerificationType:           test.serverVerificationType,
 				RevocationConfig:           test.serverRevocationConfig,
 			}
 			go func(done chan credentials.AuthInfo, lis net.Listener, serverOptions *ServerOptions) {