Fix line error due to deprecated DialTLS.
This commit is contained in:
parent
f868e07a76
commit
349bca06bb
1 changed files with 22 additions and 2 deletions
24
ca/tls.go
24
ca/tls.go
|
@ -56,7 +56,8 @@ func (c *Client) getClientTLSConfig(ctx context.Context, sign *api.SignResponse,
|
|||
return nil, nil, err
|
||||
}
|
||||
// Use mutable tls.Config on renew
|
||||
tr.DialTLS = c.buildDialTLS(tlsCtx)
|
||||
tr.DialTLS = c.buildDialTLS(tlsCtx) //nolint:deprecated
|
||||
tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
|
||||
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
|
||||
|
||||
// Update client transport
|
||||
|
@ -107,7 +108,8 @@ func (c *Client) GetServerTLSConfig(ctx context.Context, sign *api.SignResponse,
|
|||
return nil, err
|
||||
}
|
||||
// Use mutable tls.Config on renew
|
||||
tr.DialTLS = c.buildDialTLS(tlsCtx)
|
||||
tr.DialTLS = c.buildDialTLS(tlsCtx) //nolint:deprecated
|
||||
tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
|
||||
renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)
|
||||
|
||||
// Update client transport
|
||||
|
@ -150,6 +152,24 @@ func (c *Client) buildDialTLS(ctx *TLSOptionCtx) func(network, addr string) (net
|
|||
}
|
||||
}
|
||||
|
||||
// buildDialTLSContext returns an implementation of DialTLSContext callback in http.Transport.
|
||||
func (c *Client) buildDialTLSContext(tlsCtx *TLSOptionCtx) func(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||
return func(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||
// TLS dialers do not support context, but we can use the context
|
||||
// deadline if it is set.
|
||||
var deadline time.Time
|
||||
if t, ok := ctx.Deadline(); ok {
|
||||
deadline = t
|
||||
}
|
||||
return tls.DialWithDialer(&net.Dialer{
|
||||
Timeout: 30 * time.Second,
|
||||
KeepAlive: 30 * time.Second,
|
||||
Deadline: deadline,
|
||||
DualStack: true,
|
||||
}, network, addr, tlsCtx.mutableConfig.TLSConfig())
|
||||
}
|
||||
}
|
||||
|
||||
// Certificate returns the server or client certificate from the sign response.
|
||||
func Certificate(sign *api.SignResponse) (*x509.Certificate, error) {
|
||||
if sign.ServerPEM.Certificate == nil {
|
||||
|
|
Loading…
Reference in a new issue