Merge pull request #2518 from everpeace/fix-authority-header

Setting just servername to :authority pseudo header in client when using TLS.
master
Akihiro Suda 2021-12-11 18:39:32 +09:00 committed by GitHub
commit 0dfc2aa421
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 7 deletions


@ -43,6 +43,7 @@ func New(ctx context.Context, address string, opts ...ClientOpt) (*Client, error
}
needDialer := true
needWithInsecure := true
tlsServerName := ""
var unary []grpc.UnaryClientInterceptor
var stream []grpc.StreamClientInterceptor
@ -63,6 +64,7 @@ func New(ctx context.Context, address string, opts ...ClientOpt) (*Client, error
}
gopts = append(gopts, opt)
needWithInsecure = false
tlsServerName = credInfo.ServerName
}
if wt, ok := o.(*withTracer); ok {
customTracer = true
@ -106,14 +108,23 @@ func New(ctx context.Context, address string, opts ...ClientOpt) (*Client, error
address = appdefaults.Address
}
// grpc-go uses a slightly different naming scheme: https://github.com/grpc/grpc/blob/master/doc/naming.md
// This will end up setting rfc non-complient :authority header to address string (e.g. tcp://127.0.0.1:1234).
// So, here sets right authority header via WithAuthority DialOption.
addressURL, err := url.Parse(address)
if err != nil {
return nil, err
// Setting :authority pseudo header
// - HTTP/2 (RFC7540) defines :authority pseudo header includes
// the authority portion of target URI but it must not include
// userinfo part (i.e. url.Host).
// ref: https://datatracker.ietf.org/doc/html/rfc7540#section-8.1.2.3
// - However, when TLS specified, grpc-go requires it must match
// with its servername specified for certificate validation.
authority := tlsServerName
if authority == "" {
// authority as hostname from target address
uri, err := url.Parse(address)
if err != nil {
return nil, err
}
authority = uri.Host
}
gopts = append(gopts, grpc.WithAuthority(addressURL.Host))
gopts = append(gopts, grpc.WithAuthority(authority))
unary = append(unary, grpcerrors.UnaryClientInterceptor)
stream = append(stream, grpcerrors.StreamClientInterceptor)
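Review bot: `authority` can still be the empty string when it reaches `grpc.WithAuthority(authority)` at the end of the hunk. With no TLS server name it falls back to `uri.Host`, which `url.Parse` leaves empty for an address that has no host component (a socket path, for example). How grpc-go treats an empty authority option is not visible here, so I would make the intent explicit with `if authority != "" { gopts = append(gopts, grpc.WithAuthority(authority)) }`. Separately, the TLS branch skips `url.Parse(address)`, so a malformed address is no longer rejected at this point when TLS is configured, and the header carries the bare server name without a port; a comment such as `// with TLS the address is not parsed here; :authority is the bare ServerName, no port` would record that. `New` starts and continues outside the hunk.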