when setting MaxConnsPerIP to value greater than zero, the TLSConnectionState( ) is null on a TLS connection returned from the worker pool. #1770
Comments
|
I have pushed a fix. I'll tag a release next week probably. |
|
Thanks! I’ll keep an eye out for it!
… On Apr 29, 2024, at 9:19 AM, Erik Dubbelboer ***@***.***> wrote:
Closed #1770 <#1770> as completed via 105eb3b <105eb3b>.
—
Reply to this email directly, view it on GitHub <#1770 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABB2J6DV35SWP2CN6KS3RYDY7ZCHFAVCNFSM6AAAAABG5F2GOOVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJSGY2DGMBWGI4DENY>.
You are receiving this because you authored the thread.
|
|
how does one access the TLSConnectionState from a *fasthttp.hijackConn - I attempted type-casting it to *tls.Conn but it barfed on me saying it wasn’t a tls.Conn…
… On Apr 29, 2024, at 9:20 AM, Erik Dubbelboer ***@***.***> wrote:
I have pushed a fix. I'll tag a release next week probably.
—
Reply to this email directly, view it on GitHub <#1770 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABB2J6D2GWI4FGPSKWEQX53Y7ZCJHAVCNFSM6AAAAABG5F2GOOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBSG4ZDOMJRGU>.
You are receiving this because you authored the thread.
|
|
I can't check right now but have you tried casting like this? |
|
indeed i have :-)
looking at your code, I want to get to the net.Conn - but the issue is the type’s private
kws.Conn.NetConn() returns a *hijackConn - but I can’t call UnsafeConn to get the net.Conn to cast it...
type hijackConn struct {
net.Conn
r io.Reader
s *Server
}
func (c *hijackConn) UnsafeConn() net.Conn {
return c.Conn
}
… On May 3, 2024, at 11:23 AM, Erik Dubbelboer ***@***.***> wrote:
I can't check right now but have you tried casting like this?
var conn *fasthttp.hijackConn
tlsConn, ok := conn.Conn.(*tls.Conn)
—
Reply to this email directly, view it on GitHub <#1770 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABB2J6HM4AYHJGQIL4VDTCTZAOTYZAVCNFSM6AAAAABG5F2GOOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJTGIZTOMZZG4>.
You are receiving this because you authored the thread.
|
|
Maybe this? kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn() |
|
nope - i tried this -
(kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()).(*tls.Conn)
but it returns a ConnectionState that isn’t right - the PeerCertificates are empty …
… On May 3, 2024, at 11:43 AM, Erik Dubbelboer ***@***.***> wrote:
Maybe this?
kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()
—
Reply to this email directly, view it on GitHub <#1770 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABB2J6C36HYG76GOWG7BIHLZAOWA7AVCNFSM6AAAAABG5F2GOOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJTGI3DQOJWGQ>.
You are receiving this because you authored the thread.
|
|
Actually - this likely should work - the PeerCertificate is empty because I put this in a test-strap that isn’t Requiring a Client Certificate….I’ll modify with a tls.Config requiring certificates and verify - in that case - no mods are needed.On May 3, 2024, at 11:58 AM, Robert Baruch ***@***.***> wrote:nope - i tried this - (kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()).(*tls.Conn)but it returns a ConnectionState that isn’t right - the PeerCertificates are empty …On May 3, 2024, at 11:43 AM, Erik Dubbelboer ***@***.***> wrote:Maybe this?
kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
|
|
my goal is to replicate what i’m doing with a non-ws connection to access the PeerCerts:
peer := c.Context().TLSConnectionState().PeerCertificates[0]
...
… On May 3, 2024, at 11:43 AM, Erik Dubbelboer ***@***.***> wrote:
Maybe this?
kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()
—
Reply to this email directly, view it on GitHub <#1770 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABB2J6C36HYG76GOWG7BIHLZAOWA7AVCNFSM6AAAAABG5F2GOOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJTGI3DQOJWGQ>.
You are receiving this because you authored the thread.
|
|
adding tls.RequireAndVerifyClientCert to ClientAuth forced a client cert and all’s well - thanks again for taking a look!
… On May 3, 2024, at 11:43 AM, Erik Dubbelboer ***@***.***> wrote:
Maybe this?
kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()
—
Reply to this email directly, view it on GitHub <#1770 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABB2J6C36HYG76GOWG7BIHLZAOWA7AVCNFSM6AAAAABG5F2GOOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJTGI3DQOJWGQ>.
You are receiving this because you authored the thread.
|
|
Any word on the tagged release with this update?On May 3, 2024, at 2:31 PM, Robert Baruch ***@***.***> wrote:adding tls.RequireAndVerifyClientCert to ClientAuth forced a client cert and all’s well - thanks again for taking a look!On May 3, 2024, at 11:43 AM, Erik Dubbelboer ***@***.***> wrote:Maybe this?
kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Using GoFiber (which uses fasthttp) if i attempt to set the server's
MaxConnsPerIP, then the*fasthttp.RequestCtx.TLSConnectionState( )returns nil. Without setting it to a value greater than zero, it works as expected and theTLSConnectionState( )returned is non-nilThe text was updated successfully, but these errors were encountered: