Merge pull request #3794 from hashicorp/tls-cleanup

Removes stale TLS config clone() in favor of new supported method.
James Phillips 2018-01-10 15:25:27 -08:00 committed by GitHub
commit cd378432ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 34 deletions


@ -187,39 +187,6 @@ func (c *Config) OutgoingTLSConfig() (*tls.Config, error) {
return tlsConfig, nil return tlsConfig, nil
} }
// Clone returns a copy of c. Only the exported fields are copied. This
// was copied from https://golang.org/src/crypto/tls/common.go since that
// isn't exported and Go 1.7's vet uncovered an unsafe copy of a mutex in
// here.
//
// TODO (slackpad) - This can be removed once we move to Go 1.8, see
// https://github.com/golang/go/commit/d24f446 for details.
func clone(c *tls.Config) *tls.Config {
return &tls.Config{
Rand: c.Rand,
Time: c.Time,
Certificates: c.Certificates,
NameToCertificate: c.NameToCertificate,
GetCertificate: c.GetCertificate,
RootCAs: c.RootCAs,
NextProtos: c.NextProtos,
ServerName: c.ServerName,
ClientAuth: c.ClientAuth,
ClientCAs: c.ClientCAs,
InsecureSkipVerify: c.InsecureSkipVerify,
CipherSuites: c.CipherSuites,
PreferServerCipherSuites: c.PreferServerCipherSuites,
SessionTicketsDisabled: c.SessionTicketsDisabled,
SessionTicketKey: c.SessionTicketKey,
ClientSessionCache: c.ClientSessionCache,
MinVersion: c.MinVersion,
MaxVersion: c.MaxVersion,
CurvePreferences: c.CurvePreferences,
DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled,
Renegotiation: c.Renegotiation,
}
}
// OutgoingTLSWrapper returns a a DCWrapper based on the OutgoingTLS // OutgoingTLSWrapper returns a a DCWrapper based on the OutgoingTLS
// configuration. If hostname verification is on, the wrapper // configuration. If hostname verification is on, the wrapper
// will properly generate the dynamic server name for verification. // will properly generate the dynamic server name for verification.
@ -245,7 +212,7 @@ func (c *Config) OutgoingTLSWrapper() (DCWrapper, error) {
// Generate the wrapper based on hostname verification // Generate the wrapper based on hostname verification
if c.VerifyServerHostname { if c.VerifyServerHostname {
wrapper = func(dc string, conn net.Conn) (net.Conn, error) { wrapper = func(dc string, conn net.Conn) (net.Conn, error) {
conf := clone(tlsConfig) conf := tlsConfig.Clone()
conf.ServerName = "server." + dc + "." + domain conf.ServerName = "server." + dc + "." + domain
return WrapTLSClient(conn, conf) return WrapTLSClient(conn, conf)
} }
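Review bot: The wrapper closure in OutgoingTLSWrapper has no comment saying why each connection gets its own copy of `tlsConfig`, and nothing warns that the copy is shallow. `tls.Config.Clone()`, like the hand-written helper it replaces, shares slice and pointer fields such as `Certificates`, `RootCAs` and `NextProtos` with the original; assigning `ServerName` is safe because it is a plain string, but a later edit that mutates one of the shared fields on `conf` would change the TLS settings of every outgoing connection. I would add above the call `// Clone per connection: ServerName is dc-specific and the shared tlsConfig must stay unmodified. Clone is shallow, so only assign scalar fields on conf.` The removed TODO ties `Clone()` to Go 1.8, so the project's minimum Go version (not visible here) should be confirmed to match. OutgoingTLSWrapper starts and ends outside the hunk.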