From a4eafeb1dd103f524059d12cd321ce4f8d24dcba Mon Sep 17 00:00:00 2001 From: gak Date: Tue, 16 Jul 2024 12:39:47 +1000 Subject: [PATCH] feat: hidden http/1.1 mode --- internal/rpc/rpc.go | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/internal/rpc/rpc.go b/internal/rpc/rpc.go index 61c443bc76..fdba30505b 100644 --- a/internal/rpc/rpc.go +++ b/internal/rpc/rpc.go @@ -7,6 +7,7 @@ import ( "fmt" "net" "net/http" + "os" "strings" "time" @@ -52,6 +53,23 @@ func InitialiseClients(authenticators map[string]string, allowInsecure bool) { }, }, authenticators), } + + // Use a separate client for HTTP/1.1 with TLS. + http1TLSClient = &http.Client{ + Transport: authn.Transport(&http.Transport{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: allowInsecure, // #nosec G402 + }, + DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) { + logger := log.FromContext(ctx) + logger.Debugf("HTTP/1.1 connecting to %s %s", network, addr) + + tlsDialer := tls.Dialer{NetDialer: dialer} + conn, err := tlsDialer.DialContext(ctx, network, addr) + return conn, fmt.Errorf("HTTP/1.1 TLS dial failed: %w", err) + }, + }, authenticators), + } } func init() { @@ -64,6 +82,8 @@ var ( } h2cClient *http.Client tlsClient *http.Client + // Temporary client for HTTP/1.1 with TLS to help with debugging. + http1TLSClient *http.Client ) type Pingable interface { @@ -75,6 +95,12 @@ func GetHTTPClient(url string) *http.Client { if h2cClient == nil { panic("rpc.InitialiseClients() must be called before GetHTTPClient()") } + + // TEMP_GRPC_HTTP1_ONLY set to non blank will use http1TLSClient + if os.Getenv("TEMP_GRPC_HTTP1_ONLY") != "" { + return http1TLSClient + } + if strings.HasPrefix(url, "http://") { return h2cClient }