grpc
/
grpc-go
mirror of https://github.com/grpc/grpc-go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

credentials/tls: default GRPC_ENFORCE_ALPN_ENABLED to true (#7535)

This commit is contained in:
Arjan Singh Bal 2024-09-04 16:54:56 +05:30 committed by GitHub
parent 92111dc366
commit 70f19eecd1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
credentials/credentials_test.go
View File

@ -297,7 +297,10 @@ func tlsServerHandshake(conn net.Conn) (AuthInfo, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
serverTLSConfig := &tls.Config{Certificates: []tls.Certificate{cert}} serverTLSConfig := &tls.Config{
Certificates: []tls.Certificate{cert},
NextProtos: []string{"h2"},
}
serverConn := tls.Server(conn, serverTLSConfig) serverConn := tls.Server(conn, serverTLSConfig)
err = serverConn.Handshake() err = serverConn.Handshake()
if err != nil { if err != nil {
@ -307,7 +310,10 @@ func tlsServerHandshake(conn net.Conn) (AuthInfo, error) {
} }
func tlsClientHandshake(conn net.Conn, _ string) (AuthInfo, error) { func tlsClientHandshake(conn net.Conn, _ string) (AuthInfo, error) {
clientTLSConfig := &tls.Config{InsecureSkipVerify: true} clientTLSConfig := &tls.Config{
InsecureSkipVerify: true, // NOLINT
NextProtos: []string{"h2"},
}
clientConn := tls.Client(conn, clientTLSConfig) clientConn := tls.Client(conn, clientTLSConfig)
if err := clientConn.Handshake(); err != nil { if err := clientConn.Handshake(); err != nil {
return nil, err return nil, err

5
credentials/xds/xds_client_test.go
View File

@ -146,7 +146,10 @@ func testServerTLSHandshake(rawConn net.Conn) handshakeResult {
if err != nil { if err != nil {
return handshakeResult{err: err} return handshakeResult{err: err}
} }
cfg := &tls.Config{Certificates: []tls.Certificate{cert}} cfg := &tls.Config{
Certificates: []tls.Certificate{cert},
NextProtos: []string{"h2"},
}
conn := tls.Server(rawConn, cfg) conn := tls.Server(rawConn, cfg)
if err := conn.Handshake(); err != nil { if err := conn.Handshake(); err != nil {
return handshakeResult{err: err} return handshakeResult{err: err}

1
credentials/xds/xds_server_test.go
View File

@ -66,6 +66,7 @@ func makeClientTLSConfig(t *testing.T, mTLS bool) *tls.Config {
// verification function. So, the server credentials tests will rely // verification function. So, the server credentials tests will rely
// solely on the success/failure of the server-side handshake. // solely on the success/failure of the server-side handshake.
InsecureSkipVerify: true, InsecureSkipVerify: true,
NextProtos: []string{"h2"},
} }
} }

2
internal/envconfig/envconfig.go
View File

@ -45,7 +45,7 @@ var (
// option is present for backward compatibility. This option may be overridden // option is present for backward compatibility. This option may be overridden
// by setting the environment variable "GRPC_ENFORCE_ALPN_ENABLED" to "true" // by setting the environment variable "GRPC_ENFORCE_ALPN_ENABLED" to "true"
// or "false". // or "false".
EnforceALPNEnabled = boolFromEnv("GRPC_ENFORCE_ALPN_ENABLED", false) EnforceALPNEnabled = boolFromEnv("GRPC_ENFORCE_ALPN_ENABLED", true)
// XDSFallbackSupport is the env variable that controls whether support for // XDSFallbackSupport is the env variable that controls whether support for
// xDS fallback is turned on. If this is unset or is false, only the first // xDS fallback is turned on. If this is unset or is false, only the first
// xDS server in the list of server configs will be used. // xDS server in the list of server configs will be used.