feat: make public Server.TLSConfig (#1128)

* feat: make public Server.TLSConfig

* fix: clone tls config only when ServeTLS, ServeTLSEmbed, ListenAndServeTLS or ListenAndServeTLSEmbed
Sergio VS
2021-10-20 20:41:02 +02:00
committed by GitHub
parent fe7d90ed50
commit 4cfec1a795
+23 -14
@@ -391,7 +391,17 @@ type Server struct {
// By default standard logger from log package is used.
Logger Logger
tlsConfig *tls.Config
// TLSConfig optionally provides a TLS configuration for use
// by ServeTLS, ServeTLSEmbed, ListenAndServeTLS, ListenAndServeTLSEmbed,
// AppendCert, AppendCertEmbed and NextProto.
//
// Note that this value is cloned by ServeTLS, ServeTLSEmbed, ListenAndServeTLS
// and ListenAndServeTLSEmbed, so it's not possible to modify the configuration
// with methods like tls.Config.SetSessionTicketKeys.
// To use SetSessionTicketKeys, use Server.Serve with a TLS Listener
// instead.
TLSConfig *tls.Config
nextProtos map[string]ServeHandler
concurrency uint32
@@ -1464,8 +1474,9 @@ func (s *Server) NextProto(key string, nph ServeHandler) {
if s.nextProtos == nil {
s.nextProtos = make(map[string]ServeHandler)
}
s.configTLS()
s.tlsConfig.NextProtos = append(s.tlsConfig.NextProtos, key)
s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, key)
s.nextProtos[key] = nph
}
@@ -1624,19 +1635,19 @@ func (s *Server) ServeTLS(ln net.Listener, certFile, keyFile string) error {
s.mu.Unlock()
return err
}
if s.tlsConfig == nil {
if s.TLSConfig == nil {
s.mu.Unlock()
return errNoCertOrKeyProvided
}
// BuildNameToCertificate has been deprecated since 1.14.
// But since we also support older versions we'll keep this here.
s.tlsConfig.BuildNameToCertificate() //nolint:staticcheck
s.TLSConfig.BuildNameToCertificate() //nolint:staticcheck
s.mu.Unlock()
return s.Serve(
tls.NewListener(ln, s.tlsConfig),
tls.NewListener(ln, s.TLSConfig.Clone()),
)
}
@@ -1654,19 +1665,19 @@ func (s *Server) ServeTLSEmbed(ln net.Listener, certData, keyData []byte) error
s.mu.Unlock()
return err
}
if s.tlsConfig == nil {
if s.TLSConfig == nil {
s.mu.Unlock()
return errNoCertOrKeyProvided
}
// BuildNameToCertificate has been deprecated since 1.14.
// But since we also support older versions we'll keep this here.
s.tlsConfig.BuildNameToCertificate() //nolint:staticcheck
s.TLSConfig.BuildNameToCertificate() //nolint:staticcheck
s.mu.Unlock()
return s.Serve(
tls.NewListener(ln, s.tlsConfig),
tls.NewListener(ln, s.TLSConfig.Clone()),
)
}
@@ -1685,8 +1696,8 @@ func (s *Server) AppendCert(certFile, keyFile string) error {
}
s.configTLS()
s.TLSConfig.Certificates = append(s.TLSConfig.Certificates, cert)
s.tlsConfig.Certificates = append(s.tlsConfig.Certificates, cert)
return nil
}
@@ -1703,16 +1714,14 @@ func (s *Server) AppendCertEmbed(certData, keyData []byte) error {
}
s.configTLS()
s.TLSConfig.Certificates = append(s.TLSConfig.Certificates, cert)
s.tlsConfig.Certificates = append(s.tlsConfig.Certificates, cert)
return nil
}
func (s *Server) configTLS() {
if s.tlsConfig == nil {
s.tlsConfig = &tls.Config{
PreferServerCipherSuites: true,
}
if s.TLSConfig == nil {
s.TLSConfig = &tls.Config{}
}
}
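Review bot: The rewritten configTLS drops `PreferServerCipherSuites: true` from the default config, which the old code set deliberately; on Go releases before 1.17 (which the neighbouring "we also support older versions" comment says are still targeted) that field controls whether the server or the client decides cipher-suite order, so the default server now follows the client's preference on those toolchains. If that is intended, a comment saying the field is ignored since Go 1.17 would document the choice; otherwise keep it, e.g. `s.TLSConfig = &tls.Config{PreferServerCipherSuites: true} //nolint:staticcheck`. Separately, in ServeTLS and ServeTLSEmbed the `s.TLSConfig.Clone()` call now runs after `s.mu.Unlock()`, so the snapshot is taken without the lock; if AppendCert, AppendCertEmbed or NextProto (which write `s.TLSConfig` via configTLS and are not visibly serialized by `s.mu`) can run concurrently, that read is a data race, and taking the clone into a local before unlocking, `cfg := s.TLSConfig.Clone()` then `s.mu.Unlock()` and `tls.NewListener(ln, cfg)`, keeps it under the lock. Both ServeTLS and ServeTLSEmbed begin outside their hunks.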