advancedTLS: unset a deprecated field after copying it (#7239)

Gregory Cooke 2024-05-21 00:25:48 -04:00 committed by GitHub
parent 2174ea60df
commit 2d2f417db3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 22 additions and 0 deletions


@ -315,6 +315,9 @@ func (o *Options) clientConfig() (*tls.Config, error) {
// the setting int the right place.
if o.RootOptions.RootCACerts != nil {
o.RootOptions.RootCertificates = o.RootOptions.RootCACerts
// There are additional checks that only 1 field of `RootOptions` is
// non-nil, so set the deprecated field to nil
o.RootOptions.RootCACerts = nil
}
if o.VerificationType == SkipVerification && o.AdditionalPeerVerification == nil {
return nil, fmt.Errorf("client needs to provide custom verification mechanism if choose to skip default verification")
@ -425,6 +428,9 @@ func (o *Options) serverConfig() (*tls.Config, error) {
// the setting int the right place.
if o.RootOptions.RootCACerts != nil {
o.RootOptions.RootCertificates = o.RootOptions.RootCACerts
// There are additional checks that only 1 field of `RootOptions` is
// non-nil, so set the deprecated field to nil
o.RootOptions.RootCACerts = nil
}
if o.RequireClientCert && o.VerificationType == SkipVerification && o.AdditionalPeerVerification == nil {
return nil, fmt.Errorf("server needs to provide custom verification mechanism if choose to skip default verification, but require client certificate(s)")
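Review bot: When a caller sets both `RootCACerts` and `RootCertificates`, the copy in `clientConfig` overwrites `RootCertificates`, and the added `o.RootOptions.RootCACerts = nil` then hides that two fields were set. The one-field-only check the comment refers to is outside the hunk, but it presumably passes after the reset, so the caller's intended trust roots would be replaced silently. Rejecting the combination before the copy keeps the choice of trust anchors explicit, e.g. `if o.RootOptions.RootCACerts != nil && o.RootOptions.RootCertificates != nil { return nil, fmt.Errorf("RootCACerts is deprecated and cannot be combined with RootCertificates") }`. The identical block in `serverConfig` needs the same guard. Both methods take `*Options`, so the reset also changes the caller's struct, which deserves a sentence in their doc comments; both bodies continue outside the hunks.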


@ -188,6 +188,13 @@ func (s) TestClientOptionsConfigSuccessCases(t *testing.T) {
MinVersion: tls.VersionTLS12,
MaxVersion: tls.VersionTLS13,
},
{
desc: "Deprecated option is set and forwarded",
clientVerificationType: CertVerification,
RootOptions: RootCertificateOptions{
RootCACerts: x509.NewCertPool(),
},
},
}
for _, test := range tests {
test := test
@ -351,6 +358,15 @@ func (s) TestServerOptionsConfigSuccessCases(t *testing.T) {
MinVersion: tls.VersionTLS12,
MaxVersion: tls.VersionTLS13,
},
{
desc: "Deprecated option is set and forwarded",
IdentityOptions: IdentityCertificateOptions{
Certificates: []tls.Certificate{},
},
RootOptions: RootCertificateOptions{
RootCACerts: x509.NewCertPool(),
},
},
}
for _, test := range tests {
test := test
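Review bot: The two new "Deprecated option is set and forwarded" cases only show that building the config succeeds; nothing in the visible lines checks that the pool ended up in `RootCertificates` and that `RootCACerts` was reset to nil, which is the behaviour this commit adds. The loop bodies lie outside the hunks, so this may already be covered; if it is not, an assertion on the options value after the call would pin it. A further case that sets both `RootCACerts` and `RootCertificates` would document whether that combination is rejected or which pool wins.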