fix(pia): port forwarding certificate

- Do not use custom PIA certificate - Only use OS certificates - Update unit test
2022-04-25 08:23:33 +00:00
parent df78386fbe
commit db91625de4
4 changed files with 53 additions and 85 deletions
--- a/internal/provider/privateinternetaccess/httpclient_test.go
+++ b/internal/provider/privateinternetaccess/httpclient_test.go
@@ -0,0 +1,31 @@
+package privateinternetaccess
+
+import (
+	"crypto/tls"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_newHTTPClient(t *testing.T) {
+	t.Parallel()
+
+	const serverName = "testserver"
+
+	expectedPIATransportTLSConfig := &tls.Config{
+		// Can't directly compare RootCAs because of private fields
+		RootCAs:    nil,
+		MinVersion: tls.VersionTLS12,
+		ServerName: serverName,
+	}
+
+	piaClient := newHTTPClient(serverName)
+
+	// Verify pia transport TLS config is set
+	piaTransport, ok := piaClient.Transport.(*http.Transport)
+	require.True(t, ok)
+	piaTransport.TLSClientConfig.RootCAs = nil
+	assert.Equal(t, expectedPIATransportTLSConfig, piaTransport.TLSClientConfig)
+}