diff options
| author |  Dominik Süß <dominik@suess.wtf> | 2025-02-06 12:14:37 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2025-02-06 12:14:37 +0100 |
| commit | dd094e401282e135989f57c0ca3dee7dea3f5207 (patch) | |
| tree | 74cb77830f621840273255a17565ced73b4fa997 /vendor/google.golang.org/grpc/credentials/tls.go | |
| parent | [feature] Use `X-Robots-Tag` headers to instruct scrapers/crawlers (#3737) (diff) | |
| download | gotosocial-dd094e401282e135989f57c0ca3dee7dea3f5207.tar.xz | |
[chore] update otel libraries (#3740)
* chore: update otel dependencies
* refactor: combine tracing & metrics in observability package
* chore: update example tracing compose file
Diffstat (limited to 'vendor/google.golang.org/grpc/credentials/tls.go')
| -rw-r--r-- | vendor/google.golang.org/grpc/credentials/tls.go | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/vendor/google.golang.org/grpc/credentials/tls.go b/vendor/google.golang.org/grpc/credentials/tls.go index 411435854..e163a473d 100644 --- a/vendor/google.golang.org/grpc/credentials/tls.go +++ b/vendor/google.golang.org/grpc/credentials/tls.go @@ -200,25 +200,40 @@ var tls12ForbiddenCipherSuites = map[uint16]struct{}{ // NewTLS uses c to construct a TransportCredentials based on TLS. func NewTLS(c *tls.Config) TransportCredentials { - tc := &tlsCreds{credinternal.CloneTLSConfig(c)} - tc.config.NextProtos = credinternal.AppendH2ToNextProtos(tc.config.NextProtos) + config := applyDefaults(c) + if config.GetConfigForClient != nil { + oldFn := config.GetConfigForClient + config.GetConfigForClient = func(hello *tls.ClientHelloInfo) (*tls.Config, error) { + cfgForClient, err := oldFn(hello) + if err != nil || cfgForClient == nil { + return cfgForClient, err + } + return applyDefaults(cfgForClient), nil + } + } + return &tlsCreds{config: config} +} + +func applyDefaults(c *tls.Config) *tls.Config { + config := credinternal.CloneTLSConfig(c) + config.NextProtos = credinternal.AppendH2ToNextProtos(config.NextProtos) // If the user did not configure a MinVersion and did not configure a // MaxVersion < 1.2, use MinVersion=1.2, which is required by // https://datatracker.ietf.org/doc/html/rfc7540#section-9.2 - if tc.config.MinVersion == 0 && (tc.config.MaxVersion == 0 || tc.config.MaxVersion >= tls.VersionTLS12) { - tc.config.MinVersion = tls.VersionTLS12 + if config.MinVersion == 0 && (config.MaxVersion == 0 || config.MaxVersion >= tls.VersionTLS12) { + config.MinVersion = tls.VersionTLS12 } // If the user did not configure CipherSuites, use all "secure" cipher // suites reported by the TLS package, but remove some explicitly forbidden // by https://datatracker.ietf.org/doc/html/rfc7540#appendix-A - if tc.config.CipherSuites == nil { + if config.CipherSuites == nil { for _, cs := range tls.CipherSuites() { if _, ok := tls12ForbiddenCipherSuites[cs.ID]; !ok { - tc.config.CipherSuites = append(tc.config.CipherSuites, cs.ID) + config.CipherSuites = append(config.CipherSuites, cs.ID) } } } - return tc + return config } // NewClientTLSFromCert constructs TLS credentials from the provided root |