crypto/tls: Clean up semantics of copying/immutability of tls.Config in 1.8. #16492
Comments
|
also #15771 |
quentinmit
changed the title
|
also #16228 |
|
CL https://golang.org/cl/28075 mentions this issue. |
In Go 1.0, the Config struct consisted only of exported fields. In Go 1.1, it started to grow private, uncopyable fields (sync.Once, sync.Mutex, etc). Ever since, people have been writing their own private Config.Clone methods, or risking it and doing a language-level shallow copy and copying the unexported sync variables. Clean this up and export the Config.clone method as Config.Clone. This matches the convention of Template.Clone from text/template and html/template at least. Fixes #15771 Updates #16228 (needs update in x/net/http2 before fixed) Updates #16492 (not sure whether @agl wants to do more) Change-Id: I48c2825d4fef55a75d2f99640a7079c56fce39ca Reviewed-on: https://go-review.googlesource.com/28075 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org>
The
|
quentinmit
added
the
NeedsFix
|
Maybe the right step is to make the exported Clone() skip the SessionTickets* variable? This would break session resumption on cloned Config, but that seems like less of a foot gun than having to discern what kind of copy we want. Also, I think the title of this issue should be amended to mention that DialWithDialer is currently racy. |
|
I think https://golang.org/cl/31595 (which didn't mention this issue) was the fix and the last piece of this bug. Closing. |
A function to copy a
tls.Configshould probably be exposed in 1.8 becausenet/httpcould use it. Also, the currentDialWithDialerfunction copies the config in order to set an SNI value, but that has a complex interaction if theConfigis being used for serving. Maybe that's an unreasonable use-case but, if so, what's reasonable could be better documented.The text was updated successfully, but these errors were encountered: