Merge pull request #44961 from mikedanese/fix-clone
Automatic merge from submit-queue (batch tested with PRs 45033, 44961, 45021, 45097, 44938) replace CloneTLSConfig() with (*tls.Config).Clone()
commit
90d5fbca94
@ -19,10 +19,7 @@ go_test(
|
|||||||
],
|
],
|
||||||
library = ":go_default_library",
|
library = ":go_default_library",
|
||||||
tags = ["automanaged"],
|
tags = ["automanaged"],
|
||||||
deps = [
|
deps = ["//vendor/github.com/spf13/pflag:go_default_library"],
|
||||||
"//vendor/github.com/spf13/pflag:go_default_library",
|
|
||||||
"//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
|
|
||||||
],
|
|
||||||
)
|
)
|
||||||
|
|
||||||
go_library(
|
go_library(
|
||||||
|
@ -112,34 +112,6 @@ func DialerFor(transport http.RoundTripper) (DialFunc, error) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// CloneTLSConfig returns a tls.Config with all exported fields except SessionTicketsDisabled and SessionTicketKey copied.
|
|
||||||
// This makes it safe to call CloneTLSConfig on a config in active use by a server.
|
|
||||||
// TODO: replace with tls.Config#Clone when we move to go1.8
|
|
||||||
func CloneTLSConfig(cfg *tls.Config) *tls.Config {
|
|
||||||
if cfg == nil {
|
|
||||||
return &tls.Config{}
|
|
||||||
}
|
|
||||||
return &tls.Config{
|
|
||||||
Rand: cfg.Rand,
|
|
||||||
Time: cfg.Time,
|
|
||||||
Certificates: cfg.Certificates,
|
|
||||||
NameToCertificate: cfg.NameToCertificate,
|
|
||||||
GetCertificate: cfg.GetCertificate,
|
|
||||||
RootCAs: cfg.RootCAs,
|
|
||||||
NextProtos: cfg.NextProtos,
|
|
||||||
ServerName: cfg.ServerName,
|
|
||||||
ClientAuth: cfg.ClientAuth,
|
|
||||||
ClientCAs: cfg.ClientCAs,
|
|
||||||
InsecureSkipVerify: cfg.InsecureSkipVerify,
|
|
||||||
CipherSuites: cfg.CipherSuites,
|
|
||||||
PreferServerCipherSuites: cfg.PreferServerCipherSuites,
|
|
||||||
ClientSessionCache: cfg.ClientSessionCache,
|
|
||||||
MinVersion: cfg.MinVersion,
|
|
||||||
MaxVersion: cfg.MaxVersion,
|
|
||||||
CurvePreferences: cfg.CurvePreferences,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
type TLSClientConfigHolder interface {
|
type TLSClientConfigHolder interface {
|
||||||
TLSClientConfig() *tls.Config
|
TLSClientConfig() *tls.Config
|
||||||
}
|
}
|
||||||
|
@ -25,72 +25,9 @@ import (
|
|||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"reflect"
|
"reflect"
|
||||||
"runtime"
|
|
||||||
"strings"
|
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"k8s.io/apimachinery/pkg/util/sets"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestCloneTLSConfig(t *testing.T) {
|
|
||||||
expected := sets.NewString(
|
|
||||||
// These fields are copied in CloneTLSConfig
|
|
||||||
"Rand",
|
|
||||||
"Time",
|
|
||||||
"Certificates",
|
|
||||||
"RootCAs",
|
|
||||||
"NextProtos",
|
|
||||||
"ServerName",
|
|
||||||
"InsecureSkipVerify",
|
|
||||||
"CipherSuites",
|
|
||||||
"PreferServerCipherSuites",
|
|
||||||
"MinVersion",
|
|
||||||
"MaxVersion",
|
|
||||||
"CurvePreferences",
|
|
||||||
"NameToCertificate",
|
|
||||||
"GetCertificate",
|
|
||||||
"ClientAuth",
|
|
||||||
"ClientCAs",
|
|
||||||
"ClientSessionCache",
|
|
||||||
|
|
||||||
// These fields are not copied
|
|
||||||
"SessionTicketsDisabled",
|
|
||||||
"SessionTicketKey",
|
|
||||||
|
|
||||||
// These fields are unexported
|
|
||||||
"serverInitOnce",
|
|
||||||
"mutex",
|
|
||||||
"sessionTicketKeys",
|
|
||||||
|
|
||||||
// go1.8
|
|
||||||
"DynamicRecordSizingDisabled",
|
|
||||||
"GetClientCertificate",
|
|
||||||
"GetConfigForClient",
|
|
||||||
"KeyLogWriter",
|
|
||||||
"Renegotiation",
|
|
||||||
"VerifyPeerCertificate",
|
|
||||||
"originalConfig",
|
|
||||||
)
|
|
||||||
|
|
||||||
// See #33936.
|
|
||||||
if strings.HasPrefix(runtime.Version(), "go1.7") {
|
|
||||||
expected.Insert("DynamicRecordSizingDisabled", "Renegotiation")
|
|
||||||
}
|
|
||||||
|
|
||||||
fields := sets.NewString()
|
|
||||||
structType := reflect.TypeOf(tls.Config{})
|
|
||||||
for i := 0; i < structType.NumField(); i++ {
|
|
||||||
fields.Insert(structType.Field(i).Name)
|
|
||||||
}
|
|
||||||
|
|
||||||
if missing := expected.Difference(fields); len(missing) > 0 {
|
|
||||||
t.Errorf("Expected fields that were not seen in http.Transport: %v", missing.List())
|
|
||||||
}
|
|
||||||
if extra := fields.Difference(expected); len(extra) > 0 {
|
|
||||||
t.Errorf("New fields seen in http.Transport: %v\nAdd to CopyClientTLSConfig if client-relevant, then add to expected list in TestCopyClientTLSConfig", extra.List())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestGetClientIP(t *testing.T) {
|
func TestGetClientIP(t *testing.T) {
|
||||||
ipString := "10.0.0.1"
|
ipString := "10.0.0.1"
|
||||||
ip := net.ParseIP(ipString)
|
ip := net.ParseIP(ipString)
|
||||||
|
@ -69,7 +69,7 @@ func DialURL(url *url.URL, transport http.RoundTripper) (net.Conn, error) {
|
|||||||
inferredHost = host
|
inferredHost = host
|
||||||
}
|
}
|
||||||
// Make a copy to avoid polluting the provided config
|
// Make a copy to avoid polluting the provided config
|
||||||
tlsConfigCopy := utilnet.CloneTLSConfig(tlsConfig)
|
tlsConfigCopy := tlsConfig.Clone()
|
||||||
tlsConfigCopy.ServerName = inferredHost
|
tlsConfigCopy.ServerName = inferredHost
|
||||||
tlsConfig = tlsConfigCopy
|
tlsConfig = tlsConfigCopy
|
||||||
}
|
}
|
||||||
|
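Review bot: `tlsConfig.Clone()` does not keep the nil handling of the helper it replaces. The removed `CloneTLSConfig` returned `&tls.Config{}` for a nil argument, whereas `(*tls.Config).Clone()` on a nil receiver panics or returns nil depending on the Go release, and the next line, `tlsConfigCopy.ServerName = inferredHost`, would then dereference nil. The branch enclosing this call starts outside the hunk, so it may already guarantee a non-nil `tlsConfig`; if it does, a comment such as `// tlsConfig is non-nil here (checked above); Clone does not accept nil` would make that dependency explicit, and otherwise a guard is needed before the call. Separately, `Clone` copies fields the old helper left out (for example `VerifyPeerCertificate` and `GetClientCertificate`, both named in the removed test), so a custom verification callback set on the caller's config now survives the copy; worth confirming that is intended for every caller.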