From 2dff491639fe84d1dea8f00f94e58b5e2a49a58e Mon Sep 17 00:00:00 2001
From: Daniel Cannon
Date: Tue, 14 Apr 2015 19:30:29 +0100
Subject: [PATCH 1/4] add basic support for SSL connections with CA cert validation

---
 CHANGELOG.md | 1 +
 connection.go | 17 ++++++++++++++++-
 session.go | 2 ++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f308ad3e..208cdc23 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -37,6 +37,7 @@ For more details checkout the [README](https://github.com/dancannon/gorethink/bl
 - Changed driver to use the v0.4 protocol (used to use v0.3).
 - Fixed geometry tests not properly checking the expected results.
 - Fixed bug causing nil pointer panics when using an `Unmarshaler`
+- Fixed dropped millisecond precision if given value is too old
 
 ## v0.6.3 - 2015-03-04
 ### Added
diff --git a/connection.go b/connection.go
index b95df74e..d66eb5dd 100644
--- a/connection.go
+++ b/connection.go
@@ -1,10 +1,13 @@
 package gorethink
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/binary"
 	"encoding/json"
 	"io"
 	"net"
+	"strings"
 	"sync/atomic"
 	"time"
 
@@ -49,7 +52,19 @@ func NewConnection(address string, opts *ConnectOpts) (*Connection, error) {
 	}
 	// Connect to Server
 	nd := net.Dialer{Timeout: c.opts.Timeout}
-	c.conn, err = nd.Dial("tcp", address)
+	if !c.opts.SSL {
+		c.conn, err = nd.Dial("tcp", address)
+	} else {
+		roots := x509.NewCertPool()
+		ok := roots.AppendCertsFromPEM([]byte(c.opts.CaCert))
+		if !ok {
+			panic("failed to parse root certificate")
+		}
+		c.conn, err = tls.DialWithDialer(&nd, "tcp", address, &tls.Config{
+			RootCAs: roots,
+			ServerName: strings.Split(address, ":")[0],
+		})
+	}
 	if err != nil {
 		return nil, err
 	}
diff --git a/session.go b/session.go
index 72f5771b..62679382 100644
--- a/session.go
+++ b/session.go
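Review bot: `ServerName: strings.Split(address, ":")[0]` in the new `else` branch does not handle IPv6 literals — for `[::1]:28015` the split yields `[` — so hostname verification cannot succeed against such servers (it fails closed, but it fails). `tls.DialWithDialer` already sets `ServerName` from the host part of `address` when the config leaves it empty, so the field and the `strings` import can be dropped: `c.conn, err = tls.DialWithDialer(&nd, "tcp", address, &tls.Config{RootCAs: roots})`; if you prefer to set it explicitly, `host, _, err := net.SplitHostPort(address)` is the form that copes with IPv6. Restricting `RootCAs` to the caller's PEM is a sound default for a driver, but `SSL: true` with an empty `CaCert` makes `AppendCertsFromPEM` return false and trips the `panic`, which is a crash in library code on a configuration mistake rather than an error returned to the caller. NewConnection begins and ends outside the hunk.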
@@ -22,6 +22,8 @@ type ConnectOpts struct {
 	Database string `gorethink:"database,omitempty"`
 	AuthKey string `gorethink:"authkey,omitempty"`
 	Timeout time.Duration `gorethink:"timeout,omitempty"`
+	SSL bool `gorethink:"ssl",omitempty"`
+	CaCert string `gorethink:"cacert",omitempty"`
 	MaxIdle int `gorethink:"max_idle,omitempty"`
 	MaxOpen int `gorethink:"max_open,omitempty"`

From 2865eac31a4f5366cc2525503ac429e76a2e5e77 Mon Sep 17 00:00:00 2001
From: JP
Date: Sat, 18 Apr 2015 19:44:10 -0500
Subject: [PATCH 2/4] CaCert -> CACert, return err on cert parse issue

---
 connection.go | 5 +++--
 session.go | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/connection.go b/connection.go
index d66eb5dd..af7994f2 100644
--- a/connection.go
+++ b/connection.go
@@ -5,6 +5,7 @@ import (
 	"crypto/x509"
 	"encoding/binary"
 	"encoding/json"
+	"errors"
 	"io"
 	"net"
 	"strings"
@@ -56,9 +57,9 @@ func NewConnection(address string, opts *ConnectOpts) (*Connection, error) {
 		c.conn, err = nd.Dial("tcp", address)
 	} else {
 		roots := x509.NewCertPool()
-		ok := roots.AppendCertsFromPEM([]byte(c.opts.CaCert))
+		ok := roots.AppendCertsFromPEM([]byte(c.opts.CACert))
 		if !ok {
-			panic("failed to parse root certificate")
+			return nil, errors.New("failed to parse root certificate")
 		}
 		c.conn, err = tls.DialWithDialer(&nd, "tcp", address, &tls.Config{
 			RootCAs: roots,
diff --git a/session.go b/session.go
index 62679382..7a71cf61 100644
--- a/session.go
+++ b/session.go
@@ -23,7 +23,7 @@ type ConnectOpts struct {
 	AuthKey string `gorethink:"authkey,omitempty"`
 	Timeout time.Duration `gorethink:"timeout,omitempty"`
 	SSL bool `gorethink:"ssl",omitempty"`
-	CaCert string `gorethink:"cacert",omitempty"`
+	CACert string `gorethink:"cacert",omitempty"`
 	MaxIdle int `gorethink:"max_idle,omitempty"`
 	MaxOpen int `gorethink:"max_open,omitempty"`

From 850948981497e4b95e42e3e05d4d5aa26477448b Mon Sep 17 00:00:00 2001
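Review bot: The struct tags on the two added fields are malformed: in `gorethink:"ssl",omitempty"` the quoted value ends after `ssl`, so `reflect.StructTag.Get` returns `ssl` without the `omitempty` option and `go vet` reports bad tag syntax; the surrounding fields show the intended form, `gorethink:"ssl,omitempty"` and `gorethink:"cacert,omitempty"`. The fields also carry no doc comment, and a caller needs to know that `SSL: true` requires `CaCert` to hold a PEM bundle and that only those certificates are trusted, e.g. `// CaCert is a PEM bundle of CA certificates; when SSL is true only these roots are trusted.` The `ConnectOpts` struct begins and ends outside the hunk.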
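Review bot: Returning an error instead of panicking is the right fix, but `failed to parse root certificate` is also what a caller gets for the most likely mistake, `SSL: true` with an empty `CACert`, and the message does not distinguish an empty value from a PEM that held no parseable certificate (`AppendCertsFromPEM` returns false for both). Either reject an empty `CACert` up front with its own message, or make the one message cover both cases: `return nil, errors.New("gorethink: CACert is empty or contains no parseable PEM certificate")`. If an empty `CACert` was meant to fall back to the system roots, that needs to be an explicit branch that leaves `RootCAs` nil, not a parse failure. NewConnection begins and ends outside the hunk.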
From: JP
Date: Mon, 20 Apr 2015 09:33:36 -0500
Subject: [PATCH 3/4] abstract the TLSConfig out to its own variable in ConnectOpts

---
 connection.go | 13 ++-----------
 session.go | 4 ++--
 2 files changed, 4 insertions(+), 13 deletions(-)

diff --git a/connection.go b/connection.go
index af7994f2..43375249 100644
--- a/connection.go
+++ b/connection.go
@@ -2,7 +2,6 @@ package gorethink
 
 import (
 	"crypto/tls"
-	"crypto/x509"
 	"encoding/binary"
 	"encoding/json"
 	"errors"
@@ -53,18 +52,10 @@ func NewConnection(address string, opts *ConnectOpts) (*Connection, error) {
 	}
 	// Connect to Server
 	nd := net.Dialer{Timeout: c.opts.Timeout}
-	if !c.opts.SSL {
+	if c.opts.TLSConfig == nil {
 		c.conn, err = nd.Dial("tcp", address)
 	} else {
-		roots := x509.NewCertPool()
-		ok := roots.AppendCertsFromPEM([]byte(c.opts.CACert))
-		if !ok {
-			return nil, errors.New("failed to parse root certificate")
-		}
-		c.conn, err = tls.DialWithDialer(&nd, "tcp", address, &tls.Config{
-			RootCAs: roots,
-			ServerName: strings.Split(address, ":")[0],
-		})
+		c.conn, err = tls.DialWithDialer(&nd, "tcp", address, c.opts.TLSConfig)
 	}
 	if err != nil {
 		return nil, err
diff --git a/session.go b/session.go
index 7a71cf61..c4e59434 100644
--- a/session.go
+++ b/session.go
@@ -1,6 +1,7 @@
 package gorethink
 
 import (
+	"crypto/tls"
 	"time"
 
 	p "github.com/dancannon/gorethink/ql2"
@@ -22,8 +23,7 @@ type ConnectOpts struct {
 	Database string `gorethink:"database,omitempty"`
 	AuthKey string `gorethink:"authkey,omitempty"`
 	Timeout time.Duration `gorethink:"timeout,omitempty"`
-	SSL bool `gorethink:"ssl",omitempty"`
-	CACert string `gorethink:"cacert",omitempty"`
+	TLSConfig *tls.Config `gorethink:"tlsconfig,omitempty"`
 	MaxIdle int `gorethink:"max_idle,omitempty"`
 	MaxOpen int `gorethink:"max_open,omitempty"`

From e5a2b8ef2e876a44ba6b24971f567027a6a2437d Mon Sep 17 00:00:00 2001
From: JP
Date: Mon, 20 Apr 2015 10:37:57 -0500
Subject: [PATCH 4/4] removing unused imports

---
 connection.go | 2 --
 1 file changed, 2 deletions(-)

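Review bot: The `else` branch now hands `c.opts.TLSConfig` to `tls.DialWithDialer` unchanged, and nothing at the call site records the two facts a reader needs: a nil config selects plaintext, and `ServerName` is only filled in from `address` by `tls.DialWithDialer` when the caller left it empty, so a config with `InsecureSkipVerify` set turns off certificate checking for every connection this function opens. A comment above the `if` would carry that: `// nil TLSConfig means plaintext; otherwise the config is used as-is, with ServerName taken from address when empty.` Since the same *tls.Config is presumably reused each time NewConnection is called for a session, it is also worth stating that callers must not modify it after passing it in — the pool is not visible from this hunk, so confirm. NewConnection begins and ends outside the hunk.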
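Review bot: `TLSConfig *tls.Config` replaces the `SSL`/`CACert` pair with no doc comment, so the contract — nil means no TLS, non-nil is passed straight to `tls.DialWithDialer` — lives only in connection.go. A comment on the field would fix that: `// TLSConfig, when non-nil, is used as-is for each connection the driver dials; nil disables TLS. Leave ServerName empty to have it derived from the dial address.` The replaced fields were introduced earlier in this same series, so dropping them is not an API break for released callers, and their malformed `gorethink:"ssl",omitempty"` tags go with them. The `ConnectOpts` struct begins and ends outside the hunk.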
diff --git a/connection.go b/connection.go
index 43375249..ee547afa 100644
--- a/connection.go
+++ b/connection.go
@@ -4,10 +4,8 @@ import (
 	"crypto/tls"
 	"encoding/binary"
 	"encoding/json"
-	"errors"
 	"io"
 	"net"
-	"strings"
 	"sync/atomic"
 	"time"
 