mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 11:21:47 +00:00
Merge pull request #44961 from mikedanese/fix-clone
Automatic merge from submit-queue (batch tested with PRs 45033, 44961, 45021, 45097, 44938) replace CloneTLSConfig() with (*tls.Config).Clone()
This commit is contained in:
commit
90d5fbca94
@ -19,10 +19,7 @@ go_test(
|
||||
],
|
||||
library = ":go_default_library",
|
||||
tags = ["automanaged"],
|
||||
deps = [
|
||||
"//vendor/github.com/spf13/pflag:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
|
||||
],
|
||||
deps = ["//vendor/github.com/spf13/pflag:go_default_library"],
|
||||
)
|
||||
|
||||
go_library(
|
||||
|
@ -112,34 +112,6 @@ func DialerFor(transport http.RoundTripper) (DialFunc, error) {
|
||||
}
|
||||
}
|
||||
|
||||
// CloneTLSConfig returns a tls.Config with all exported fields except SessionTicketsDisabled and SessionTicketKey copied.
|
||||
// This makes it safe to call CloneTLSConfig on a config in active use by a server.
|
||||
// TODO: replace with tls.Config#Clone when we move to go1.8
|
||||
func CloneTLSConfig(cfg *tls.Config) *tls.Config {
|
||||
if cfg == nil {
|
||||
return &tls.Config{}
|
||||
}
|
||||
return &tls.Config{
|
||||
Rand: cfg.Rand,
|
||||
Time: cfg.Time,
|
||||
Certificates: cfg.Certificates,
|
||||
NameToCertificate: cfg.NameToCertificate,
|
||||
GetCertificate: cfg.GetCertificate,
|
||||
RootCAs: cfg.RootCAs,
|
||||
NextProtos: cfg.NextProtos,
|
||||
ServerName: cfg.ServerName,
|
||||
ClientAuth: cfg.ClientAuth,
|
||||
ClientCAs: cfg.ClientCAs,
|
||||
InsecureSkipVerify: cfg.InsecureSkipVerify,
|
||||
CipherSuites: cfg.CipherSuites,
|
||||
PreferServerCipherSuites: cfg.PreferServerCipherSuites,
|
||||
ClientSessionCache: cfg.ClientSessionCache,
|
||||
MinVersion: cfg.MinVersion,
|
||||
MaxVersion: cfg.MaxVersion,
|
||||
CurvePreferences: cfg.CurvePreferences,
|
||||
}
|
||||
}
|
||||
|
||||
type TLSClientConfigHolder interface {
|
||||
TLSClientConfig() *tls.Config
|
||||
}
|
||||
|
@ -25,72 +25,9 @@ import (
|
||||
"net/url"
|
||||
"os"
|
||||
"reflect"
|
||||
"runtime"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
)
|
||||
|
||||
func TestCloneTLSConfig(t *testing.T) {
|
||||
expected := sets.NewString(
|
||||
// These fields are copied in CloneTLSConfig
|
||||
"Rand",
|
||||
"Time",
|
||||
"Certificates",
|
||||
"RootCAs",
|
||||
"NextProtos",
|
||||
"ServerName",
|
||||
"InsecureSkipVerify",
|
||||
"CipherSuites",
|
||||
"PreferServerCipherSuites",
|
||||
"MinVersion",
|
||||
"MaxVersion",
|
||||
"CurvePreferences",
|
||||
"NameToCertificate",
|
||||
"GetCertificate",
|
||||
"ClientAuth",
|
||||
"ClientCAs",
|
||||
"ClientSessionCache",
|
||||
|
||||
// These fields are not copied
|
||||
"SessionTicketsDisabled",
|
||||
"SessionTicketKey",
|
||||
|
||||
// These fields are unexported
|
||||
"serverInitOnce",
|
||||
"mutex",
|
||||
"sessionTicketKeys",
|
||||
|
||||
// go1.8
|
||||
"DynamicRecordSizingDisabled",
|
||||
"GetClientCertificate",
|
||||
"GetConfigForClient",
|
||||
"KeyLogWriter",
|
||||
"Renegotiation",
|
||||
"VerifyPeerCertificate",
|
||||
"originalConfig",
|
||||
)
|
||||
|
||||
// See #33936.
|
||||
if strings.HasPrefix(runtime.Version(), "go1.7") {
|
||||
expected.Insert("DynamicRecordSizingDisabled", "Renegotiation")
|
||||
}
|
||||
|
||||
fields := sets.NewString()
|
||||
structType := reflect.TypeOf(tls.Config{})
|
||||
for i := 0; i < structType.NumField(); i++ {
|
||||
fields.Insert(structType.Field(i).Name)
|
||||
}
|
||||
|
||||
if missing := expected.Difference(fields); len(missing) > 0 {
|
||||
t.Errorf("Expected fields that were not seen in http.Transport: %v", missing.List())
|
||||
}
|
||||
if extra := fields.Difference(expected); len(extra) > 0 {
|
||||
t.Errorf("New fields seen in http.Transport: %v\nAdd to CopyClientTLSConfig if client-relevant, then add to expected list in TestCopyClientTLSConfig", extra.List())
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetClientIP(t *testing.T) {
|
||||
ipString := "10.0.0.1"
|
||||
ip := net.ParseIP(ipString)
|
||||
|
@ -69,7 +69,7 @@ func DialURL(url *url.URL, transport http.RoundTripper) (net.Conn, error) {
|
||||
inferredHost = host
|
||||
}
|
||||
// Make a copy to avoid polluting the provided config
|
||||
tlsConfigCopy := utilnet.CloneTLSConfig(tlsConfig)
|
||||
tlsConfigCopy := tlsConfig.Clone()
|
||||
tlsConfigCopy.ServerName = inferredHost
|
||||
tlsConfig = tlsConfigCopy
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user