-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
when setting MaxConnsPerIP to value greater than zero, the TLSConnectionState( ) is null on a TLS connection returned from the worker pool. #1770
Comments
I have pushed a fix. I'll tag a release next week probably. |
Thanks! I’ll keep an eye out for it!
… On Apr 29, 2024, at 9:19 AM, Erik Dubbelboer ***@***.***> wrote:
Closed #1770 <#1770> as completed via 105eb3b <105eb3b>.
—
Reply to this email directly, view it on GitHub <#1770 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABB2J6DV35SWP2CN6KS3RYDY7ZCHFAVCNFSM6AAAAABG5F2GOOVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJSGY2DGMBWGI4DENY>.
You are receiving this because you authored the thread.
|
how does one access the TLSConnectionState from a *fasthttp.hijackConn - I attempted type-casting it to *tls.Conn but it barfed on me saying it wasn’t a tls.Conn…
… On Apr 29, 2024, at 9:20 AM, Erik Dubbelboer ***@***.***> wrote:
I have pushed a fix. I'll tag a release next week probably.
—
Reply to this email directly, view it on GitHub <#1770 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABB2J6D2GWI4FGPSKWEQX53Y7ZCJHAVCNFSM6AAAAABG5F2GOOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBSG4ZDOMJRGU>.
You are receiving this because you authored the thread.
|
I can't check right now but have you tried casting like this?
|
indeed i have :-)
looking at your code, I want to get to the net.Conn - but the issue is the type’s private
kws.Conn.NetConn() returns a *hijackConn - but I can’t call UnsafeConn to get the net.Conn to cast it...
type hijackConn struct {
net.Conn
r io.Reader
s *Server
}
func (c *hijackConn) UnsafeConn() net.Conn {
return c.Conn
}
… On May 3, 2024, at 11:23 AM, Erik Dubbelboer ***@***.***> wrote:
I can't check right now but have you tried casting like this?
var conn *fasthttp.hijackConn
tlsConn, ok := conn.Conn.(*tls.Conn)
—
Reply to this email directly, view it on GitHub <#1770 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABB2J6HM4AYHJGQIL4VDTCTZAOTYZAVCNFSM6AAAAABG5F2GOOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJTGIZTOMZZG4>.
You are receiving this because you authored the thread.
|
Maybe this? kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn() |
nope - i tried this -
(kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()).(*tls.Conn)
but it returns a ConnectionState that isn’t right - the PeerCertificates are empty …
… On May 3, 2024, at 11:43 AM, Erik Dubbelboer ***@***.***> wrote:
Maybe this?
kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()
—
Reply to this email directly, view it on GitHub <#1770 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABB2J6C36HYG76GOWG7BIHLZAOWA7AVCNFSM6AAAAABG5F2GOOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJTGI3DQOJWGQ>.
You are receiving this because you authored the thread.
|
Actually - this likely should work - the PeerCertificate is empty because I put this in a test-strap that isn’t Requiring a Client Certificate….I’ll modify with a tls.Config requiring certificates and verify - in that case - no mods are needed.On May 3, 2024, at 11:58 AM, Robert Baruch ***@***.***> wrote:nope - i tried this - (kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()).(*tls.Conn)but it returns a ConnectionState that isn’t right - the PeerCertificates are empty …On May 3, 2024, at 11:43 AM, Erik Dubbelboer ***@***.***> wrote:Maybe this?
kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
|
my goal is to replicate what i’m doing with a non-ws connection to access the PeerCerts:
peer := c.Context().TLSConnectionState().PeerCertificates[0]
...
… On May 3, 2024, at 11:43 AM, Erik Dubbelboer ***@***.***> wrote:
Maybe this?
kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()
—
Reply to this email directly, view it on GitHub <#1770 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABB2J6C36HYG76GOWG7BIHLZAOWA7AVCNFSM6AAAAABG5F2GOOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJTGI3DQOJWGQ>.
You are receiving this because you authored the thread.
|
adding tls.RequireAndVerifyClientCert to ClientAuth forced a client cert and all’s well - thanks again for taking a look!
… On May 3, 2024, at 11:43 AM, Erik Dubbelboer ***@***.***> wrote:
Maybe this?
kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()
—
Reply to this email directly, view it on GitHub <#1770 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABB2J6C36HYG76GOWG7BIHLZAOWA7AVCNFSM6AAAAABG5F2GOOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJTGI3DQOJWGQ>.
You are receiving this because you authored the thread.
|
Any word on the tagged release with this update?On May 3, 2024, at 2:31 PM, Robert Baruch ***@***.***> wrote:adding tls.RequireAndVerifyClientCert to ClientAuth forced a client cert and all’s well - thanks again for taking a look!On May 3, 2024, at 11:43 AM, Erik Dubbelboer ***@***.***> wrote:Maybe this?
kws.Conn.NetConn().(interface{ UnsafeConn() net.Conn }).UnsafeConn()—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Using GoFiber (which uses fasthttp) if i attempt to set the server's
MaxConnsPerIP
, then the*fasthttp.RequestCtx.TLSConnectionState( )
returns nil. Without setting it to a value greater than zero, it works as expected and theTLSConnectionState( )
returned is non-nilThe text was updated successfully, but these errors were encountered: