From 024f4ecd9838efbc25e1e1d5b6f487ddf26199a1 Mon Sep 17 00:00:00 2001
From: deads2k
Date: Fri, 11 Nov 2016 13:56:04 -0500
Subject: [PATCH] make spdy.roundtripper usable with UpgradeAwareProxyHandler
---
 pkg/util/httpstream/spdy/roundtripper.go | 5 +++++
 pkg/util/net/http.go | 6 ++++++
 pkg/util/net/http_test.go | 21 +++++++++++++++++++++
 3 files changed, 32 insertions(+)
diff --git a/pkg/util/httpstream/spdy/roundtripper.go b/pkg/util/httpstream/spdy/roundtripper.go
index f8c6e36a586..3de17598939 100644
--- a/pkg/util/httpstream/spdy/roundtripper.go
+++ b/pkg/util/httpstream/spdy/roundtripper.go
@@ -72,6 +72,11 @@ func NewSpdyRoundTripper(tlsConfig *tls.Config) *SpdyRoundTripper {
 return &SpdyRoundTripper{tlsConfig: tlsConfig}
 }
 
+// implements pkg/util/net.TLSClientConfigHolder for proper TLS checking during proxying with a spdy roundtripper
+func (s *SpdyRoundTripper) TLSClientConfig() *tls.Config {
+ return s.tlsConfig
+}
+
 // dial dials the host specified by req, using TLS if appropriate, optionally
 // using a proxy server if one is configured via environment variables.
 func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) {
diff --git a/pkg/util/net/http.go b/pkg/util/net/http.go
index bfe2e09375a..c32082e9315 100644
--- a/pkg/util/net/http.go
+++ b/pkg/util/net/http.go
@@ -138,6 +138,10 @@ func CloneTLSConfig(cfg *tls.Config) *tls.Config {
 }
 }
 
+type TLSClientConfigHolder interface {
+ TLSClientConfig() *tls.Config
+}
+
 func TLSClientConfig(transport http.RoundTripper) (*tls.Config, error) {
 if transport == nil {
 return nil, nil
@@ -146,6 +150,8 @@ func TLSClientConfig(transport http.RoundTripper) (*tls.Config, error) {
 switch transport := transport.(type) {
 case *http.Transport:
 return transport.TLSClientConfig, nil
+ case TLSClientConfigHolder:
+ return transport.TLSClientConfig(), nil
 case RoundTripperWrapper:
 return TLSClientConfig(transport.WrappedRoundTripper())
 default:
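Review bot: In pkg/util/httpstream/spdy/roundtripper.go the new `TLSClientConfig()` returns the round tripper's own `s.tlsConfig` pointer rather than a copy, so a caller that adjusts the result would also change the config this round tripper holds; the hunk does not show whether any caller does that. Since `NewSpdyRoundTripper` stores whatever it is given, the result can also be nil. The comment should state that contract and start with the method name, e.g. `// TLSClientConfig implements pkg/util/net.TLSClientConfigHolder; the returned config may be nil and must not be modified by callers.`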
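Review bot: The exported `TLSClientConfigHolder` interface in the first hunk of pkg/util/net/http.go has no doc comment, so implementers are not told what a nil return means to `TLSClientConfig`. If nil is meant to read as "no TLS config set", say so on the type, e.g. `// TLSClientConfigHolder is implemented by round trippers that can report the TLS client config they dial with; a nil result means none is set.`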
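Review bot: The new `case TLSClientConfigHolder:` in the second hunk of pkg/util/net/http.go sits above `case RoundTripperWrapper:`, so a round tripper that satisfies both interfaces is answered from its own method and its wrapped transport is never consulted. If that precedence is intended, a comment on the case would make it explicit, e.g. `// a holder reports its own config and takes precedence over unwrapping`. The holder's value is also passed through with a nil error, so a nil config from a holder looks the same to the caller as the `transport == nil` result; code that bases a TLS decision on it needs to handle that. The switch continues past `default:` outside the hunk.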
diff --git a/pkg/util/net/http_test.go b/pkg/util/net/http_test.go
index d797bebf7d7..0d76ba27c6c 100644
--- a/pkg/util/net/http_test.go
+++ b/pkg/util/net/http_test.go
@@ -218,3 +218,24 @@ func TestProxierWithNoProxyCIDR(t *testing.T) {
 }
 }
 }
+
+type fakeTLSClientConfigHolder struct {
+ called bool
+}
+
+func (f *fakeTLSClientConfigHolder) TLSClientConfig() *tls.Config {
+ f.called = true
+ return nil
+}
+func (f *fakeTLSClientConfigHolder) RoundTrip(*http.Request) (*http.Response, error) {
+ return nil, nil
+}
+
+func TestTLSClientConfigHolder(t *testing.T) {
+ rt := &fakeTLSClientConfigHolder{}
+ TLSClientConfig(rt)
+
+ if !rt.called {
+ t.Errorf("didn't find tls config")
+ }
+}
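Review bot: `TestTLSClientConfigHolder` discards both return values of `TLSClientConfig(rt)` and the fake returns nil, so the test only proves the method was called. It would still pass if the holder branch dropped the config or returned an error. Since this path exists so that the proxy checks TLS against the right config, the test should pin that the holder's own `*tls.Config` comes back unchanged with a nil error. The fake can carry a config to return, as sketched below.

```go
type fakeTLSClientConfigHolder struct {
	called bool
	cfg    *tls.Config
}

func (f *fakeTLSClientConfigHolder) TLSClientConfig() *tls.Config {
	f.called = true
	return f.cfg
}

// … unchanged: RoundTrip stub …

func TestTLSClientConfigHolder(t *testing.T) {
	want := &tls.Config{}
	rt := &fakeTLSClientConfigHolder{cfg: want}

	got, err := TLSClientConfig(rt)
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if !rt.called {
		t.Errorf("didn't find tls config")
	}
	if got != want {
		t.Errorf("expected the holder's config to be returned unchanged, got %v", got)
	}
}
```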