net/http, crypto/tls: cloneTLSConfig is out of sync with tls.Config #15771
Comments
|
We could add a Clone method to TLSConfig, but where do we draw the line at adding clone methods to all types? I don't know. But let's fix up cloneTLSConfig for now. I thought it had a test for testing that all fields are cloned, but maybe I'm remembering a different clone test. We can keep this bug open for thinking of a better solution (and tests) in Go 1.8. |
|
CL https://golang.org/cl/23283 mentions this issue. |
Updates #15771 Change-Id: I5dad96bdca19d680dd00cbd17b72a03e43eb557e Reviewed-on: https://go-review.googlesource.com/23283 Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
|
See also @ianlancetaylor's https://go-review.googlesource.com/24287 (which adds a private *tls.Config.clone method) |
|
A GRPC recently stopped doing a naive copy of the |
|
@tombergan, @bdarnell, yeah, I'm sold at this point. We'll add one early in Go 1.8. |
|
KeyLogWriter was added in golang.org/cl/27434 too. |
|
Related: #16492. The implementation of Clone/Copy should be fairly trivial. Any volunteers to send a CL? |
|
On it. |
|
CL https://golang.org/cl/28075 mentions this issue. |
|
@bradfitz, with this change is it safe to clone an existing I am using Vault to manage my certificates internally and plan to rotate the certificates every 12 hours and would like to do the following: Rotate the root certificates in the Would it also be safe to do the same for the http client (clone |
In Go 1.0, the Config struct consisted only of exported fields. In Go 1.1, it started to grow private, uncopyable fields (sync.Once, sync.Mutex, etc). Ever since, people have been writing their own private Config.Clone methods, or risking it and doing a language-level shallow copy and copying the unexported sync variables. Clean this up and export the Config.clone method as Config.Clone. This matches the convention of Template.Clone from text/template and html/template at least. Fixes golang#15771 Updates golang#16228 (needs update in x/net/http2 before fixed) Updates golang#16492 (not sure whether @agl wants to do more) Change-Id: I48c2825d4fef55a75d2f99640a7079c56fce39ca Reviewed-on: https://go-review.googlesource.com/28075 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org>
In Go 1.0, the Config struct consisted only of exported fields. In Go 1.1, it started to grow private, uncopyable fields (sync.Once, sync.Mutex, etc). Ever since, people have been writing their own private Config.Clone methods, or risking it and doing a language-level shallow copy and copying the unexported sync variables. Clean this up and export the Config.clone method as Config.Clone. This matches the convention of Template.Clone from text/template and html/template at least. Fixes golang#15771 Updates golang#16228 (needs update in x/net/http2 before fixed) Updates golang#16492 (not sure whether @agl wants to do more) Change-Id: I48c2825d4fef55a75d2f99640a7079c56fce39ca Reviewed-on: https://go-review.googlesource.com/28075 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org>
I added a new tls.Config field in Issue #14376
https://tip.golang.org/src/crypto/tls/common.go#L384
but didn't know I needed to update cloneTLSConfig
https://tip.golang.org/src/net/http/transport.go#L2014
Is there a reason to not add a Clone method to tls.Config? Cloning that struct from another package seems brittle. transport.go has a comment about a race between transport.go and tls.Server -- that race seems more simply resolved if tls.Server clones the config before mutating it internally. (There's also no comment on tls.Server saying that it will mutate the provided config, which makes the behavior surprising.)
/cc @bradfitz
The text was updated successfully, but these errors were encountered: