fallback

package
v0.1.7 Latest
Warning

This package is not in the latest version of its module.

Published: Sep 1, 2023 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package fallback provides default implementations of fallback options when S2A fails.


Constants

This section is empty.

Variables

var FallbackTLSConfigGRPC = tls.Config{
	MinVersion:         tls.VersionTLS13,
	ClientSessionCache: nil,
	NextProtos:         []string{alpnProtoStrH2},
}

FallbackTLSConfigGRPC is a tls.Config used by the DefaultFallbackClientHandshakeFunc function. It supports the gRPC use case, so the ALPN is set to 'h2'.

var FallbackTLSConfigHTTP = tls.Config{
	MinVersion:         tls.VersionTLS13,
	ClientSessionCache: nil,
	NextProtos:         []string{alpnProtoStrH2, alpnProtoStrHTTP},
}

FallbackTLSConfigHTTP is a tls.Config used by the DefaultFallbackDialerAndAddress function. It supports the HTTP use case, so the ALPN is set to both 'http/1.1' and 'h2'.

Functions

func DefaultFallbackDialerAndAddress

func DefaultFallbackDialerAndAddress(fallbackAddr string) (*tls.Dialer, string, error)

DefaultFallbackDialerAndAddress returns a TLS dialer and the network address to dial. Example use:

	// DefaultFallbackDialerAndAddress returns three values; check the error.
	fallbackDialer, fallbackServerAddr, err := fallback.DefaultFallbackDialerAndAddress(fallbackAddr)
	if err != nil {
		// handle the error: no fallback dialer is available
	}
	dialTLSContext := s2a.NewS2aDialTLSContextFunc(&s2a.ClientOptions{
		S2AAddress: s2aAddress, // required
		FallbackOpts: &s2a.FallbackOptions{
			FallbackDialer: &s2a.FallbackDialer{
				Dialer:     fallbackDialer,
				ServerAddr: fallbackServerAddr,
			},
		},
	})

The fallback server's certificate should be verifiable using the OS root store. The fallbackAddr is expected to be a network address, e.g. example.com:port. If the port is not specified, the default port 443 is used. In the returned dialer's TLS config, ClientSessionCache is explicitly set to nil to disable TLS resumption, and the minimum TLS version is set to 1.3.

Types

type ClientHandshake

type ClientHandshake func(ctx context.Context, targetServer string, conn net.Conn, err error) (net.Conn, credentials.AuthInfo, error)

ClientHandshake establishes a TLS connection and returns it, plus its auth info. Inputs:

targetServer: the server attempted with S2A.
conn: the TCP connection to the server at address targetServer that was passed into S2A's ClientHandshake func. If fallback is successful, the `conn` should be closed.
err: the error encountered when performing the client-side TLS handshake with S2A.

func DefaultFallbackClientHandshakeFunc

func DefaultFallbackClientHandshakeFunc(fallbackAddr string) (ClientHandshake, error)

DefaultFallbackClientHandshakeFunc returns a ClientHandshake function, which establishes a TLS connection to the provided fallbackAddr and returns the new connection and its auth info. Example use:

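	// DefaultFallbackClientHandshakeFunc returns (ClientHandshake, error),
	// so it cannot be called inline in the struct literal.
	fallbackHandshake, err := fallback.DefaultFallbackClientHandshakeFunc(fallbackAddr)
	if err != nil {
		// handle the error: no fallback handshake function is available
	}
	transportCreds, _ = s2a.NewClientCreds(&s2a.ClientOptions{
		S2AAddress: s2aAddress,
		FallbackOpts: &s2a.FallbackOptions{ // optional
			FallbackClientHandshakeFunc: fallbackHandshake,
		},
	})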

The fallback server's certificate must be verifiable using the OS root store. The fallbackAddr is expected to be a network address, e.g. example.com:port. If the port is not specified, the default port 443 is used. In the returned function's TLS config, ClientSessionCache is explicitly set to nil to disable TLS resumption, and the minimum TLS version is set to 1.3.
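
The following is an added example, not code from this package: it checks a tls.Config intended for a custom FallbackDialer or ClientHandshake against the properties documented for both default functions above (TLS 1.3 minimum, no session cache, required ALPN values) and applies the default-port rule to a fallback address. The helper names normalizeFallbackAddr and auditFallbackConfig are hypothetical, and the address handling is an assumption about the documented behaviour, not the package's implementation.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"strings"
)

// normalizeFallbackAddr (hypothetical name) adds port 443 when none is given; the host is not validated.
func normalizeFallbackAddr(addr string) (string, error) {
	h, p, err := net.SplitHostPort(addr)
	if err != nil { // no port present: treat the whole string as the host
		h, p = strings.Trim(addr, "[]"), "443"
	}
	if h == "" || p == "" {
		return "", fmt.Errorf("invalid fallback address %q", addr)
	}
	return net.JoinHostPort(h, p), nil
}

// auditFallbackConfig (hypothetical name) lists where cfg falls short of the documented defaults.
func auditFallbackConfig(cfg *tls.Config, wantALPN ...string) []string {
	var findings []string
	if cfg.MinVersion < tls.VersionTLS13 {
		findings = append(findings, "MinVersion is below TLS 1.3")
	}
	if cfg.ClientSessionCache != nil {
		findings = append(findings, "ClientSessionCache is set, so TLS resumption is enabled")
	}
	if cfg.InsecureSkipVerify {
		findings = append(findings, "InsecureSkipVerify disables certificate verification")
	}
	for _, want := range wantALPN {
		found := false
		for _, offered := range cfg.NextProtos {
			found = found || offered == want
		}
		if !found {
			findings = append(findings, "ALPN protocol missing: "+want)
		}
	}
	return findings
}

func main() {
	addr, err := normalizeFallbackAddr("example.com")
	fmt.Println(addr, err, auditFallbackConfig(&tls.Config{MinVersion: tls.VersionTLS12}, "h2")) // constructed sample
}
```

Pass "h2" for a gRPC fallback and both "h2" and "http/1.1" for an HTTP fallback; an empty result means the config matches the documented defaults on these points.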
