From ffb5388215c2d62d2874e6882d9b5c8e5680a100 Mon Sep 17 00:00:00 2001
From: Apoorv Kothari
Date: Sat, 23 Nov 2024 16:23:55 -0800
Subject: [PATCH] use testing_tls12 policy
---
 .../integration/src/network/tls_client.rs | 22 ++++++++++++-------
 bindings/rust/s2n-tls-tokio/Cargo.toml | 1 +
 .../rust/s2n-tls-tokio/tests/common/mod.rs | 6 ++---
 bindings/rust/s2n-tls/src/security.rs | 4 ++--
 4 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/bindings/rust/integration/src/network/tls_client.rs b/bindings/rust/integration/src/network/tls_client.rs
index 0f32da8e42b..caef998abf7 100644
--- a/bindings/rust/integration/src/network/tls_client.rs
+++ b/bindings/rust/integration/src/network/tls_client.rs
@@ -1,7 +1,11 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
-use s2n_tls::{config::Config, enums::Version, security::Policy};
+use s2n_tls::{
+ config::Config,
+ enums::Version,
+ security::{self, Policy},
+};
 use s2n_tls_tokio::{TlsConnector, TlsStream};
 use tokio::net::TcpStream;
@@ -14,13 +18,13 @@ use tokio::net::TcpStream;
 /// `Err``.
 async fn handshake_with_domain(
 domain: &str,
- security_policy: &str,
+ security_policy: &Policy,
 ) -> Result, Box> {
- tracing::info!("querying {domain} with {security_policy}");
+ tracing::info!("querying {domain} with {:?}", security_policy);
 const PORT: u16 = 443;
 let mut config = Config::builder();
- config.set_security_policy(&Policy::from_version(security_policy)?)?;
+ config.set_security_policy(security_policy)?;
 let client = TlsConnector::new(config.build()?);
 // open the TCP stream
@@ -42,7 +46,8 @@ mod kms_pq {
 // supports ML-KEM.
 #[test_log::test(tokio::test)]
 async fn pq_handshake() -> Result<(), Box> {
- let tls = handshake_with_domain(DOMAIN, "KMS-PQ-TLS-1-0-2020-07").await?;
+ let policy = Policy::from_version("KMS-PQ-TLS-1-0-2020-07")?;
+ let tls = handshake_with_domain(DOMAIN, &policy).await?;
 assert_eq!(
 tls.as_ref().cipher_suite()?,
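Review bot: The new log line in `handshake_with_domain` mixes an inline-captured `{domain}` with a positional `{:?}` argument; the inline form keeps both consistent, `tracing::info!("querying {domain} with {security_policy:?}");`. What that `{:?}` prints depends on `Policy`'s `Debug` impl, which is not part of this patch, so if it does not include the policy version string the log loses the detail the old `{security_policy}` message carried. The doc comment for `handshake_with_domain` starts above the hunk; since the parameter changed from a version `&str` to `&Policy`, it should be checked for a stale description of the argument.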
@@ -65,7 +70,8 @@ mod kms_pq {
 ];
 for security_policy in EARLY_DRAFT_PQ_POLICIES {
- let tls = handshake_with_domain(DOMAIN, security_policy).await?;
+ let policy = Policy::from_version(security_policy)?;
+ let tls = handshake_with_domain(DOMAIN, &policy).await?;
 assert_eq!(tls.as_ref().cipher_suite()?, "ECDHE-RSA-AES256-GCM-SHA384");
 assert_eq!(tls.as_ref().kem_name(), None);
@@ -84,10 +90,10 @@ async fn tls_client() -> Result<(), Box> {
 for domain in DOMAINS {
 tracing::info!("querying {domain}");
- let tls12 = handshake_with_domain(domain, "20240501").await?;
+ let tls12 = handshake_with_domain(domain, &security::TESTING_TLS12).await?;
 assert_eq!(tls12.as_ref().actual_protocol_version()?, Version::TLS12);
- let tls13 = handshake_with_domain(domain, "default_tls13").await?;
+ let tls13 = handshake_with_domain(domain, &security::DEFAULT_TLS13).await?;
 assert_eq!(tls13.as_ref().actual_protocol_version()?, Version::TLS13);
 }
diff --git a/bindings/rust/s2n-tls-tokio/Cargo.toml b/bindings/rust/s2n-tls-tokio/Cargo.toml
index c4cb389943b..fc6db8d014d 100644
--- a/bindings/rust/s2n-tls-tokio/Cargo.toml
+++ b/bindings/rust/s2n-tls-tokio/Cargo.toml
@@ -19,6 +19,7 @@ s2n-tls = { version = "=0.3.7", path = "../s2n-tls" }
 tokio = { version = "1", features = ["net", "time"] }
 [dev-dependencies]
+s2n-tls = { path = "../s2n-tls", features = ["unstable-testing"] }
 clap = { version = "3", features = ["derive"] }
 rand = { version = "0.8" }
 tokio = { version = "1", features = [ "io-std", "io-util", "macros", "net", "rt-multi-thread", "test-util", "time"] }
diff --git a/bindings/rust/s2n-tls-tokio/tests/common/mod.rs b/bindings/rust/s2n-tls-tokio/tests/common/mod.rs
index 40207b71542..c4fc0c0af80 100644
--- a/bindings/rust/s2n-tls-tokio/tests/common/mod.rs
+++ b/bindings/rust/s2n-tls-tokio/tests/common/mod.rs
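Review bot: `tls_client` now references `security::TESTING_TLS12`, which the security.rs hunk in this patch gates behind `#[cfg(any(feature = "unstable-testing", test))]`, yet the diffstat lists only `bindings/rust/s2n-tls-tokio/Cargo.toml` as gaining that feature and no manifest for the integration crate. Unless the integration crate's `s2n-tls` dependency already enables `unstable-testing`, this use will not resolve; if it does, a short comment at the use site naming the feature requirement would save the next reader the same check. The `tls_client` function starts at the hunk header line, so its signature and setup are outside the hunk.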
@@ -5,7 +5,7 @@ use s2n_tls::{
 config,
 connection::Builder,
 error::Error,
- security::{Policy, DEFAULT_TLS13},
+ security::{self, DEFAULT_TLS13},
 };
 use s2n_tls_tokio::{TlsAcceptor, TlsConnector, TlsStream};
 use std::time::Duration;
@@ -61,14 +61,14 @@ pub fn server_config() -> Result {
 pub fn client_config_tls12() -> Result {
 let mut builder = config::Config::builder();
- builder.set_security_policy(&Policy::from_version("20240501").unwrap())?;
+ builder.set_security_policy(&security::TESTING_TLS12)?;
 builder.trust_pem(RSA_CERT_PEM)?;
 Ok(builder)
 }
 pub fn server_config_tls12() -> Result {
 let mut builder = config::Config::builder();
- builder.set_security_policy(&Policy::from_version("20240501").unwrap())?;
+ builder.set_security_policy(&security::TESTING_TLS12)?;
 builder.load_pem(RSA_CERT_PEM, RSA_KEY_PEM)?;
 Ok(builder)
diff --git a/bindings/rust/s2n-tls/src/security.rs b/bindings/rust/s2n-tls/src/security.rs
index a8c06380270..ea718050b6f 100644
--- a/bindings/rust/s2n-tls/src/security.rs
+++ b/bindings/rust/s2n-tls/src/security.rs
@@ -108,7 +108,8 @@ pub const DEFAULT_TLS13: Policy = policy!("default_tls13");
 #[cfg(feature = "pq")]
 pub const TESTING_PQ: Policy = policy!("PQ-TLS-1-0-2021-05-26");
-pub(crate) const TESTING_TLS12: Policy = policy!("20240501");
+#[cfg(any(feature = "unstable-testing", test))]
+pub const TESTING_TLS12: Policy = policy!("20240501");
 #[cfg(feature = "pq")]
 pub const DEFAULT_PQ: Policy = policy!("default_pq");
@@ -116,7 +117,6 @@ pub const DEFAULT_PQ: Policy = policy!("default_pq");
 pub const ALL_POLICIES: &[Policy] = &[
 DEFAULT,
 DEFAULT_TLS13,
- TESTING_TLS12,
 #[cfg(feature = "pq")]
 TESTING_PQ,
 #[cfg(feature = "pq")]
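Review bot: The newly public `TESTING_TLS12` carries no doc comment, and widening it from `pub(crate)` to `pub` makes it an API item downstream test code will reach for even though it sits behind `unstable-testing`. Add above the `#[cfg]` line: `/// TLS 1.2 policy for the crate's own tests and, behind the \`unstable-testing\` feature, for downstream test suites; not a production default and not covered by any stability guarantee.` The integration test in this patch asserts `Version::TLS12` after handshaking with it, which is why the doc should state the TLS 1.2 intent; whether `20240501` permits anything else is not visible in this hunk.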
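Review bot: Deleting `TESTING_TLS12` from `ALL_POLICIES` removes it from whatever iterates that list (presumably the crate's policy-loading checks), while the same hunk keeps `TESTING_PQ` in the list under `#[cfg(feature = "pq")]`. Gating the entry the same way its definition is gated keeps the testing policy covered whenever it exists: `#[cfg(any(feature = "unstable-testing", test))]` followed by `TESTING_TLS12,` in place of the removed line. The `ALL_POLICIES` array continues past the end of the hunk.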