Merge pull request #109750 from aojea/spdy_tls

spdyroundtripper: don't need to verify server hostname twice
Kubernetes Prow Robot
2022-05-05 01:42:59 -07:00
committed by GitHub


@@ -264,17 +264,8 @@ func (s *SpdyRoundTripper) tlsConn(ctx context.Context, rwc net.Conn, targetHost
tlsConn := tls.Client(rwc, tlsConfig)
// need to manually call Handshake() so we can call VerifyHostname() below
if err := tlsConn.HandshakeContext(ctx); err != nil {
return nil, err
}
// Return if we were configured to skip validation
if tlsConfig.InsecureSkipVerify {
return tlsConn, nil
}
if err := tlsConn.VerifyHostname(tlsConfig.ServerName); err != nil {
tlsConn.Close()
return nil, err
}
@@ -306,23 +297,6 @@ func (s *SpdyRoundTripper) dialWithoutProxy(ctx context.Context, url *url.URL) (
return nil, err
}
// Return if we were configured to skip validation
if s.tlsConfig != nil && s.tlsConfig.InsecureSkipVerify {
return conn, nil
}
host, _, err := net.SplitHostPort(dialAddr)
if err != nil {
return nil, err
}
if s.tlsConfig != nil && len(s.tlsConfig.ServerName) > 0 {
host = s.tlsConfig.ServerName
}
err = conn.VerifyHostname(host)
if err != nil {
return nil, err
}
return conn, nil
}
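Review bot: With the explicit `VerifyHostname` calls gone, hostname validation in both `tlsConn` and `dialWithoutProxy` rests entirely on the certificate check that `crypto/tls` performs during the handshake against `tlsConfig.ServerName`, and nothing at the two return sites says so. I would put a comment above the handshake in `tlsConn`, for example `// HandshakeContext verifies the peer certificate against tlsConfig.ServerName unless InsecureSkipVerify is set, so no separate VerifyHostname call is needed`, and make sure the older `// need to manually call Handshake() so we can call VerifyHostname() below` comment does not survive, since it would now describe a call that no longer exists. The block removed from `dialWithoutProxy` fell back to the host part of `dialAddr` when `ServerName` was empty; the dial call is outside the hunk, so it is worth confirming that it fills in `ServerName` the same way. A regression test that serves a certificate for a different hostname and expects the dial to fail would pin this. Both function bodies begin outside the hunks shown here.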