Merge pull request #42 from cmurphy/fix-close-conn

Skip closing an initializing connection
2025-05-31 19:06:16 +00:00 · 2021-10-27 08:35:21 -07:00 · 2021-10-27 08:35:21 -07:00 · 6b37dc1212
commit 6b37dc1212
parent 94e22490cf c7dd355394
1 changed files with 11 additions and 4 deletions
--- a/listener.go
+++ b/listener.go
@ -275,8 +275,9 @@ func (l *listener) wrap(conn net.Conn) net.Conn {

 type closeWrapper struct {
 	net.Conn
-	id int
-	l  *listener
+	id    int
+	l     *listener
+	ready bool
 }

 func (c *closeWrapper) close() error {
@ -291,13 +292,14 @@ func (c *closeWrapper) Close() error {
 }

 func (l *listener) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+	newConn := hello.Conn
 	if hello.ServerName != "" {
 		if err := l.updateCert(hello.ServerName); err != nil {
 			return nil, err
 		}
 	}

-	return l.loadCert()
+	return l.loadCert(newConn.(*closeWrapper))
 }

 func (l *listener) updateCert(cn ...string) error {
@ -339,7 +341,7 @@ func (l *listener) updateCert(cn ...string) error {
 	return nil
 }

-func (l *listener) loadCert() (*tls.Certificate, error) {
+func (l *listener) loadCert(currentConn *closeWrapper) (*tls.Certificate, error) {
 	l.RLock()
 	defer l.RUnlock()

@ -373,8 +375,13 @@ func (l *listener) loadCert() (*tls.Certificate, error) {
 	if l.conns != nil && l.cert != nil {
 		l.connLock.Lock()
 		for _, conn := range l.conns {
+			// Don't close a connection that's in the middle of completing a TLS handshake
+			if !conn.ready {
+				continue
+			}
 			_ = conn.close()
 		}
+		l.conns[currentConn.id].ready = true
 		l.connLock.Unlock()
 	}