Merge pull request #44961 from mikedanese/fix-clone

Automatic merge from submit-queue (batch tested with PRs 45033, 44961, 45021, 45097, 44938)

replace CloneTLSConfig() with (*tls.Config).Clone()
Kubernetes Submit Queue 2017-04-28 13:16:40 -07:00 committed by GitHub
commit 90d5fbca94
4 changed files with 2 additions and 96 deletions


@ -19,10 +19,7 @@ go_test(
],
library = ":go_default_library",
tags = ["automanaged"],
deps = [
"//vendor/github.com/spf13/pflag:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
],
deps = ["//vendor/github.com/spf13/pflag:go_default_library"],
)
go_library(


@ -112,34 +112,6 @@ func DialerFor(transport http.RoundTripper) (DialFunc, error) {
}
}
// CloneTLSConfig returns a tls.Config with all exported fields except SessionTicketsDisabled and SessionTicketKey copied.
// This makes it safe to call CloneTLSConfig on a config in active use by a server.
// TODO: replace with tls.Config#Clone when we move to go1.8
func CloneTLSConfig(cfg *tls.Config) *tls.Config {
if cfg == nil {
return &tls.Config{}
}
return &tls.Config{
Rand: cfg.Rand,
Time: cfg.Time,
Certificates: cfg.Certificates,
NameToCertificate: cfg.NameToCertificate,
GetCertificate: cfg.GetCertificate,
RootCAs: cfg.RootCAs,
NextProtos: cfg.NextProtos,
ServerName: cfg.ServerName,
ClientAuth: cfg.ClientAuth,
ClientCAs: cfg.ClientCAs,
InsecureSkipVerify: cfg.InsecureSkipVerify,
CipherSuites: cfg.CipherSuites,
PreferServerCipherSuites: cfg.PreferServerCipherSuites,
ClientSessionCache: cfg.ClientSessionCache,
MinVersion: cfg.MinVersion,
MaxVersion: cfg.MaxVersion,
CurvePreferences: cfg.CurvePreferences,
}
}
type TLSClientConfigHolder interface {
TLSClientConfig() *tls.Config
}


@ -25,72 +25,9 @@ import (
"net/url"
"os"
"reflect"
"runtime"
"strings"
"testing"
"k8s.io/apimachinery/pkg/util/sets"
)
func TestCloneTLSConfig(t *testing.T) {
expected := sets.NewString(
// These fields are copied in CloneTLSConfig
"Rand",
"Time",
"Certificates",
"RootCAs",
"NextProtos",
"ServerName",
"InsecureSkipVerify",
"CipherSuites",
"PreferServerCipherSuites",
"MinVersion",
"MaxVersion",
"CurvePreferences",
"NameToCertificate",
"GetCertificate",
"ClientAuth",
"ClientCAs",
"ClientSessionCache",
// These fields are not copied
"SessionTicketsDisabled",
"SessionTicketKey",
// These fields are unexported
"serverInitOnce",
"mutex",
"sessionTicketKeys",
// go1.8
"DynamicRecordSizingDisabled",
"GetClientCertificate",
"GetConfigForClient",
"KeyLogWriter",
"Renegotiation",
"VerifyPeerCertificate",
"originalConfig",
)
// See #33936.
if strings.HasPrefix(runtime.Version(), "go1.7") {
expected.Insert("DynamicRecordSizingDisabled", "Renegotiation")
}
fields := sets.NewString()
structType := reflect.TypeOf(tls.Config{})
for i := 0; i < structType.NumField(); i++ {
fields.Insert(structType.Field(i).Name)
}
if missing := expected.Difference(fields); len(missing) > 0 {
t.Errorf("Expected fields that were not seen in http.Transport: %v", missing.List())
}
if extra := fields.Difference(expected); len(extra) > 0 {
t.Errorf("New fields seen in http.Transport: %v\nAdd to CopyClientTLSConfig if client-relevant, then add to expected list in TestCopyClientTLSConfig", extra.List())
}
}
func TestGetClientIP(t *testing.T) {
ipString := "10.0.0.1"
ip := net.ParseIP(ipString)


@ -69,7 +69,7 @@ func DialURL(url *url.URL, transport http.RoundTripper) (net.Conn, error) {
inferredHost = host
}
// Make a copy to avoid polluting the provided config
tlsConfigCopy := utilnet.CloneTLSConfig(tlsConfig)
tlsConfigCopy := tlsConfig.Clone()
tlsConfigCopy.ServerName = inferredHost
tlsConfig = tlsConfigCopy
}
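Review bot: The nil case is no longer covered at `tlsConfigCopy := tlsConfig.Clone()`: the removed `CloneTLSConfig` returned `&tls.Config{}` for a nil argument, while `(*tls.Config).Clone()` offers no such fallback and the next line writes `tlsConfigCopy.ServerName`. The condition guarding this block lies outside the hunk, so whether `tlsConfig` can be nil here cannot be confirmed from these lines; if it can, a transport with no TLS client config would panic the dial path instead of getting a default config. A guard before the copy keeps the old behaviour: `if tlsConfig == nil { tlsConfig = &tls.Config{} }`. Clone also carries over the session-ticket fields that the old helper deliberately skipped, which looks harmless for a client-side config but deserves a short comment next to the copy.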