
proposal: crypto/tls: add request context to ClientHelloInfo and CertificateRequestInfo #32406

Open
johanbrandhorst opened this issue Jun 3, 2019 · 6 comments

5 participants
@johanbrandhorst
Member

commented Jun 3, 2019

In recent Go releases, we've been able to use the handy GetCertificate and GetClientCertificate methods of the *tls.Config to dynamically control certificate management in Go apps. This is fantastic, and has led to things like https://godoc.org/golang.org/x/crypto/acme/autocert and https://github.com/johanbrandhorst/certify which are somewhat unique to the Go ecosystem.

Unfortunately, one glaring omission from the API is a connection context for cancellation and request scoped variable propagation. This means users have to implement custom timeouts or block their TLS connections forever in case of problems. It also means powerful tools like tracing and metrics that make use of the context cannot be used.

I propose that a context.Context field be added to the ClientHelloInfo and CertificateRequestInfo types.

cc @FiloSottile @bradfitz

@agnivade agnivade changed the title crypto/tls: add request context to ClientHelloInfo and CertificateRequestInfo proposal: crypto/tls: add request context to ClientHelloInfo and CertificateRequestInfo Jun 3, 2019

@gopherbot gopherbot added this to the Proposal milestone Jun 3, 2019

@gopherbot gopherbot added the Proposal label Jun 3, 2019

@FiloSottile

Member

commented Jun 4, 2019

It would help if you could elaborate on the various use cases: what you are trying to do in each situation, what doesn't work at the moment, and how a context would help.

I've in the past wanted to surface details of the ClientHelloInfo to net/http Handlers, so I can see the use case, but I'd like to build a generic solution.

@johanbrandhorst

Member Author

commented Jun 4, 2019

My use case specifically is to allow my library (certify) to cancel its outgoing requests if the incoming connection is closed. Additionally, it would allow detailed tracing to capture the latency cost of dynamically provisioned TLS certificates, something that is currently hidden inside the TLS handshake time in the standard library. Simply having a context associated with the underlying connection that could be used in outgoing net/http requests would be enough.

@bradfitz

Member

commented Jun 4, 2019

@johanbrandhorst, sounds like good reasons. For the same reason we didn't add a Context struct field to net/http.Request and used a method instead, we should instead add a Context method to crypto/tls.ClientHelloInfo.
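As an added example (not code from this issue, from certify, or from the Go team), this is what a Context method on ClientHelloInfo buys a GetCertificate callback: the outgoing provisioning call is cancelled when the client connection goes away, and that case is reported distinctly from a real CA failure. It assumes the `hello.Context()` accessor Go later shipped in 1.17 and a hypothetical `fetchCert` provider call; `slowFetch` is a constructed stand-in for a provider.

```go
package main

import (
	"context"
	"crypto/tls"
	"errors"
	"fmt"
	"time"
)

// fetchCert stands in for a provider's outgoing call to a CA or secret store (hypothetical).
type fetchCert func(ctx context.Context, serverName string) (*tls.Certificate, error)

// getCertificateFor builds a tls.Config.GetCertificate callback whose context comes
// from the in-progress handshake via hello.Context() (Go 1.17+). A ClientHelloInfo
// built by hand has no handshake context, so Context() is nil: fall back to Background.
func getCertificateFor(fetch fetchCert) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		parent := hello.Context()
		if parent == nil {
			parent = context.Background()
		}
		return fetchWithContext(parent, fetch, hello.ServerName)
	}
}

// fetchWithContext adds a deadline and tells a client that went away (context.Canceled)
// apart from a real provisioning failure, so closed connections are not counted as CA errors.
func fetchWithContext(parent context.Context, fetch fetchCert, serverName string) (*tls.Certificate, error) {
	ctx, cancel := context.WithTimeout(parent, 5*time.Second) // cap the fetch even if the handshake ctx never fires
	defer cancel()
	cert, err := fetch(ctx, serverName)
	switch {
	case errors.Is(err, context.Canceled):
		return nil, fmt.Errorf("client closed connection before certificate for %q was ready: %w", serverName, err)
	case err != nil:
		return nil, fmt.Errorf("provision certificate for %q: %w", serverName, err)
	}
	return cert, nil
}

// slowFetch simulates a provider that honours ctx; constructed for this example.
func slowFetch(ctx context.Context, _ string) (*tls.Certificate, error) {
	select {
	case <-ctx.Done():
		return nil, ctx.Err()
	case <-time.After(10 * time.Second):
		return &tls.Certificate{}, nil
	}
}
```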

@johanbrandhorst

Member Author

commented Jun 4, 2019

OK, I will attempt to implement this.

@johanbrandhorst

Member Author

commented Jun 4, 2019

Do the tags need updating?

@gopherbot


commented Jun 6, 2019

Change https://golang.org/cl/181097 mentions this issue: crypto/tls, net/http: add context to tls structs
