From dfb55b0436cf32f9b136a360b59c4f5b90461e24 Mon Sep 17 00:00:00 2001
From: david kydd
Date: Mon, 4 Nov 2024 17:07:32 +1300
Subject: [PATCH 1/2] add next_protos support to tlsconfig

Signed-off-by: david kydd
---
 config/http_config.go | 6 ++++++
 config/testdata/tls_config.next_protos.good.json | 1 +
 config/testdata/tls_config.next_protos.good.yml | 1 +
 config/tls_config_test.go | 8 ++++++++
 4 files changed, 16 insertions(+)
 create mode 100644 config/testdata/tls_config.next_protos.good.json
 create mode 100644 config/testdata/tls_config.next_protos.good.yml

diff --git a/config/http_config.go b/config/http_config.go
index e6bdd4c0..75256053 100644
--- a/config/http_config.go
+++ b/config/http_config.go
@@ -1069,6 +1069,10 @@ func NewTLSConfigWithContext(ctx context.Context, cfg *TLSConfig, optFuncs ...TL
 		tlsConfig.ServerName = cfg.ServerName
 	}
 
+	if len(cfg.NextProtos) > 0 {
+		tlsConfig.NextProtos = cfg.NextProtos
+	}
+
 	// If a client cert & key is provided then configure TLS config accordingly.
 	if cfg.usingClientCert() && cfg.usingClientKey() {
 		// Verify that client cert and key are valid.
@@ -1118,6 +1122,8 @@ type TLSConfig struct {
 	MinVersion TLSVersion `yaml:"min_version,omitempty" json:"min_version,omitempty"`
 	// Maximum TLS version.
 	MaxVersion TLSVersion `yaml:"max_version,omitempty" json:"max_version,omitempty"`
+	// Additional ALPN protocols to be presented when connecting to the server.
+	NextProtos []string `yaml:"next_protos,omitempty" json:"next_protos,omitempty"`
 }
 
 // SetDirectory joins any relative file paths with dir.
diff --git a/config/testdata/tls_config.next_protos.good.json b/config/testdata/tls_config.next_protos.good.json
new file mode 100644
index 00000000..eb0ee352
--- /dev/null
+++ b/config/testdata/tls_config.next_protos.good.json
@@ -0,0 +1 @@
+{"next_protos": ["testproto1", "testproto2"]}
\ No newline at end of file
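Review bot: The added assignment `tlsConfig.NextProtos = cfg.NextProtos` shares the config's backing array with the returned *tls.Config, so anything that later appends to tlsConfig.NextProtos (the HTTP/2 transport setup, for instance, appends "http/1.1" when it is missing) or a config reload that mutates cfg can alter a TLS config already handed to a transport, and tls.Config.Clone does not detach the slice either. Copying it, `tlsConfig.NextProtos = append([]string(nil), cfg.NextProtos...)`, keeps the two independent; slices.Clone does the same if the module's Go version has it. The entries are also passed through unchecked, and crypto/tls only rejects an empty or over-long (more than 255 bytes) protocol name at handshake time, so validating them where the rest of TLSConfig is validated would give a clearer error at load time; whether such a step exists is not visible from this hunk. NewTLSConfigWithContext starts and ends outside the hunk.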
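Review bot: The field comment `// Additional ALPN protocols to be presented when connecting to the server.` describes the value as additive, but in NewTLSConfigWithContext it replaces tls.Config.NextProtos outright, and ALPN offers the names in list order, so the order is part of the contract. A comment stating that, `// NextProtos lists the ALPN protocols to offer, in order of preference (e.g. "h2", "http/1.1"). When empty the TLS library default is left in place.`, would save a reader a trip to the constructor. It may also be worth noting that a list that omits "h2" can keep an HTTP client on HTTP/1.1 even where HTTP/2 is otherwise enabled; that behaviour lives in net/http rather than in this hunk, so confirm it before documenting it. The TLSConfig struct begins before the hunk.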
diff --git a/config/testdata/tls_config.next_protos.good.yml b/config/testdata/tls_config.next_protos.good.yml
new file mode 100644
index 00000000..ccd8455c
--- /dev/null
+++ b/config/testdata/tls_config.next_protos.good.yml
@@ -0,0 +1 @@
+next_protos: ["testproto1", "testproto2"]
diff --git a/config/tls_config_test.go b/config/tls_config_test.go
index 150c5619..a630d923 100644
--- a/config/tls_config_test.go
+++ b/config/tls_config_test.go
@@ -63,6 +63,10 @@ var expectedTLSConfigs = []struct {
 		filename: "tls_config.insecure.good.json",
 		config:   &tls.Config{InsecureSkipVerify: true},
 	},
+	{
+		filename: "tls_config.next_protos.good.json",
+		config:   &tls.Config{NextProtos: []string{"testproto1", "testproto2"}},
+	},
 	{
 		filename: "tls_config.tlsversion.good.json",
 		config:   &tls.Config{MinVersion: tls.VersionTLS11},
@@ -79,6 +83,10 @@ var expectedTLSConfigs = []struct {
 		filename: "tls_config.insecure.good.yml",
 		config:   &tls.Config{InsecureSkipVerify: true},
 	},
+	{
+		filename: "tls_config.next_protos.good.yml",
+		config:   &tls.Config{NextProtos: []string{"testproto1", "testproto2"}},
+	},
 	{
 		filename: "tls_config.tlsversion.good.yml",
 		config:   &tls.Config{MinVersion: tls.VersionTLS11},
From dda0b0641f92f2d83eba329e89eadfe7b1d91c0b Mon Sep 17 00:00:00 2001
From: david kydd
Date: Mon, 4 Nov 2024 17:20:09 +1300
Subject: [PATCH 2/2] change test data to a non-synthetic use case

Signed-off-by: david kydd
---
 config/testdata/tls_config.next_protos.good.json | 2 +-
 config/testdata/tls_config.next_protos.good.yml | 2 +-
 config/tls_config_test.go | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/testdata/tls_config.next_protos.good.json b/config/testdata/tls_config.next_protos.good.json
index eb0ee352..beafa836 100644
--- a/config/testdata/tls_config.next_protos.good.json
+++ b/config/testdata/tls_config.next_protos.good.json
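Review bot: The new table entries in both hunks of tls_config_test.go cover only the populated case; the `len(cfg.NextProtos) > 0` guard in NewTLSConfigWithContext means `next_protos: []` should leave tls.Config.NextProtos nil, and nothing here pins that. A fixture pair with an empty list, and, if the testdata set has a convention for rejected inputs, one with an empty protocol name, would cover the boundary in both the JSON and YAML paths. Both hunks sit inside the expectedTLSConfigs table literal, which starts and ends outside the hunk.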
@@ -1 +1 @@
-{"next_protos": ["testproto1", "testproto2"]}
\ No newline at end of file
+{"next_protos": ["h2", "http/1.1"]}
\ No newline at end of file
diff --git a/config/testdata/tls_config.next_protos.good.yml b/config/testdata/tls_config.next_protos.good.yml
index ccd8455c..e041d80f 100644
--- a/config/testdata/tls_config.next_protos.good.yml
+++ b/config/testdata/tls_config.next_protos.good.yml
@@ -1 +1 @@
-next_protos: ["testproto1", "testproto2"]
+next_protos: ["h2", "http/1.1"]
diff --git a/config/tls_config_test.go b/config/tls_config_test.go
index a630d923..2c681c9b 100644
--- a/config/tls_config_test.go
+++ b/config/tls_config_test.go
@@ -65,7 +65,7 @@ var expectedTLSConfigs = []struct {
 	},
 	{
 		filename: "tls_config.next_protos.good.json",
-		config:   &tls.Config{NextProtos: []string{"testproto1", "testproto2"}},
+		config:   &tls.Config{NextProtos: []string{"h2", "http/1.1"}},
 	},
 	{
 		filename: "tls_config.tlsversion.good.json",
@@ -85,7 +85,7 @@ var expectedTLSConfigs = []struct {
 	},
 	{
 		filename: "tls_config.next_protos.good.yml",
-		config:   &tls.Config{NextProtos: []string{"testproto1", "testproto2"}},
+		config:   &tls.Config{NextProtos: []string{"h2", "http/1.1"}},
 	},
 	{
 		filename: "tls_config.tlsversion.good.yml",