THRIFT-5996: connection check supports TLS sockets#3488
Conversation
| if connTLS, isTLS := rawConn.(*tls.Conn); isTLS { | ||
| rawConn = connTLS.NetConn() |
There was a problem hiding this comment.
in the jira ticket your proposal was to do this before trying to get syscallConn. is there a reason you flipped it to this approach?
I like that approach better because that way you don't have the next line that rewrites syscallConn, ok which is very error-prone (e.g. if you used ok instead of isTLS on line 45 that's a bug that's hard to spot).
There was a problem hiding this comment.
Thanks for the review! I agree that the version is more convoluted and thus error prone .
I wondered if it is likely that, in the future, Go team makes *tls.Config implement syscall.Conn directly, possibly to utilize https://docs.kernel.org/networking/tls-offload.html on Linux.
I though about this more and I believe that if something drastic like that happens, the syscall code may not work and we should unwrap the connection anyway.
I changed it back to the variant in JIRA. Please take another look.
There was a problem hiding this comment.
I reviewed golang/go#44506 - tracking kernel TLS support in Go . It is in state Proposal-Accepted but not implemented. A couple of people implemented crypto/tls forks as PoC. I think the point still stands - there is no value to check if tls.Conn implements syscall.Conn.
Client: go The connection check introduced in THRIFT-5214 now supports TLS connections using a technique from the code that initially inspired the check: go-sql-driver/mysql#934 Testing done: new test with alongside the existing test of conn. check
2 participants
Client: go
The connection check first introduced in THRIFT-5214 now supports TLS connections using a technique from the code that initially inspired the check:
go-sql-driver/mysql#934
Testing done: new test with alongside the existing test of conn. check