Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: Serve violates tls.Config immutability promise #15908

Closed
FiloSottile opened this issue May 31, 2016 · 4 comments
Closed

net/http: Serve violates tls.Config immutability promise #15908

FiloSottile opened this issue May 31, 2016 · 4 comments
Assignees
Milestone

Comments

@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented May 31, 2016

From tls.Confg docs:

After one has been passed to a TLS function it must not be modified.

But calling Serve will call setupHTTP2, which calls http2ConfigureServer, which will modify the tls.Config. Since by the time you call Serve you must have already called tls.Listen, the immutability promise is broken.

I don't think anything relies on it yet, but nothing stops someone from for example caching the NextProtos in crypto/tls.Listen or something, breaking the setupHTTP2 magic.

@tombergan

This comment has been minimized.

Copy link
Contributor

@tombergan tombergan commented Jun 2, 2016

This might be a dup of Issue #15771

@adg

This comment has been minimized.

Copy link
Contributor

@adg adg commented Jun 7, 2016

I'm not sure what, if anything, can be done about this before the 1.7 release.

@bradfitz

This comment has been minimized.

Copy link
Contributor

@bradfitz bradfitz commented Jun 27, 2016

@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Jun 28, 2016

CL https://golang.org/cl/24508 mentions this issue.

@gopherbot gopherbot closed this in b5f0aff Jun 28, 2016
gopherbot pushed a commit that referenced this issue Aug 2, 2016
Fixes #16550
Updates #15908

Change-Id: Ic951080dbc88f96e4c00cdb3ffe24a5c03079efd
Reviewed-on: https://go-review.googlesource.com/25389
Reviewed-by: Chris Broadfoot <cbro@golang.org>
magiconair added a commit to fabiolb/fabio that referenced this issue Jan 16, 2017
This patch re-enables the HTTP/2 support
for go1.7 and beyond by setting the NextProto
field in the custom TLSConfig.

See golang/go#15908
magiconair added a commit to fabiolb/fabio that referenced this issue Jan 16, 2017
This patch re-enables the HTTP/2 support
for go1.7 and beyond by setting the NextProto
field in the custom TLSConfig.

See golang/go#15908
magiconair added a commit to fabiolb/fabio that referenced this issue Jan 16, 2017
This patch re-enables the HTTP/2 support
for go1.7 and beyond by setting the NextProto
field in the custom TLSConfig.

See golang/go#15908
magiconair added a commit to fabiolb/fabio that referenced this issue Jan 16, 2017
This patch re-enables the HTTP/2 support
for go1.7 and beyond by setting the NextProto
field in the custom TLSConfig.

See golang/go#15908
magiconair added a commit to fabiolb/fabio that referenced this issue Jan 17, 2017
This patch re-enables the HTTP/2 support
for go1.7 and beyond by setting the NextProto
field in the custom TLSConfig.

See golang/go#15908
magiconair added a commit to fabiolb/fabio that referenced this issue Jan 17, 2017
This patch re-enables the HTTP/2 support
for go1.7 and beyond by setting the NextProto
field in the custom TLSConfig.

See golang/go#15908
@golang golang locked and limited conversation to collaborators Jun 28, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants
You can’t perform that action at this time.