grpc
/
grpc-go
mirror of https://github.com/grpc/grpc-go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

xds: specify "h2" as the alpn in xds creds (#4361)

This commit is contained in:
Easwar Swaminathan 2021-04-22 14:58:58 -07:00 committed by GitHub
parent 7276af6dd7
commit f02863c306
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
internal/credentials/xds/handshake_info.go
View File

@ -138,7 +138,10 @@ func (hi *HandshakeInfo) ClientSideTLSConfig(ctx context.Context) (*tls.Config,
// Currently the Go stdlib does complete verification of the cert (which // Currently the Go stdlib does complete verification of the cert (which
// includes hostname verification) or none. We are forced to go with the // includes hostname verification) or none. We are forced to go with the
// latter and perform the normal cert validation ourselves. // latter and perform the normal cert validation ourselves.
cfg := &tls.Config{InsecureSkipVerify: true} cfg := &tls.Config{
InsecureSkipVerify: true,
NextProtos: []string{"h2"},
}
km, err := rootProv.KeyMaterial(ctx) km, err := rootProv.KeyMaterial(ctx)
if err != nil { if err != nil {
@ -159,7 +162,10 @@ func (hi *HandshakeInfo) ClientSideTLSConfig(ctx context.Context) (*tls.Config,
// ServerSideTLSConfig constructs a tls.Config to be used in a server-side // ServerSideTLSConfig constructs a tls.Config to be used in a server-side
// handshake based on the contents of the HandshakeInfo. // handshake based on the contents of the HandshakeInfo.
func (hi *HandshakeInfo) ServerSideTLSConfig(ctx context.Context) (*tls.Config, error) { func (hi *HandshakeInfo) ServerSideTLSConfig(ctx context.Context) (*tls.Config, error) {
cfg := &tls.Config{ClientAuth: tls.NoClientCert} cfg := &tls.Config{
ClientAuth: tls.NoClientCert,
NextProtos: []string{"h2"},
}
hi.mu.Lock() hi.mu.Lock()
// On the server side, identityProvider is mandatory. RootProvider is // On the server side, identityProvider is mandatory. RootProvider is
// optional based on whether the server is doing TLS or mTLS. // optional based on whether the server is doing TLS or mTLS.