From 349bca06bbc85756c56109c19c149cba218ccab2 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Thu, 5 Mar 2020 15:11:03 -0800
Subject: [PATCH] Fix line error due to deprecated DialTLS.
---
 ca/tls.go | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/ca/tls.go b/ca/tls.go
index 79493eb1..2441b2d6 100644
--- a/ca/tls.go
+++ b/ca/tls.go
@@ -56,7 +56,8 @@ func (c *Client) getClientTLSConfig(ctx context.Context, sign *api.SignResponse,
 return nil, nil, err
 }
 // Use mutable tls.Config on renew
- tr.DialTLS = c.buildDialTLS(tlsCtx)
+ tr.DialTLS = c.buildDialTLS(tlsCtx) //nolint:deprecated
+ tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
 renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)

 // Update client transport
@@ -107,7 +108,8 @@ func (c *Client) GetServerTLSConfig(ctx context.Context, sign *api.SignResponse,
 return nil, err
 }
 // Use mutable tls.Config on renew
- tr.DialTLS = c.buildDialTLS(tlsCtx)
+ tr.DialTLS = c.buildDialTLS(tlsCtx) //nolint:deprecated
+ tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)
 renewer.RenewCertificate = getRenewFunc(tlsCtx, c, tr, pk)

 // Update client transport
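Review bot: The `tr.DialTLS` assignment kept in getClientTLSConfig is dead code once `tr.DialTLSContext` is set on the following line, because net/http documents that DialTLSContext takes priority when both fields are set; the same applies to the identical pair of lines in the GetServerTLSConfig hunk. Keeping it leaves two dial paths to audit for the renewable TLS config while only one can ever run, so I would drop the deprecated line and keep only `tr.DialTLSContext = c.buildDialTLSContext(tlsCtx)`. If the line has to stay, the `//nolint:deprecated` directive should be checked against the linter that actually reports the deprecation (this is usually staticcheck's SA1019, and `deprecated` may not be a name the lint runner recognises). Both functions start and end outside their hunks, so how `tr` is built is not visible here.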
@@ -150,6 +152,24 @@ func (c *Client) buildDialTLS(ctx *TLSOptionCtx) func(network, addr string) (net
 }
 }

+// buildDialTLSContext returns an implementation of DialTLSContext callback in http.Transport.
+func (c *Client) buildDialTLSContext(tlsCtx *TLSOptionCtx) func(ctx context.Context, network, addr string) (net.Conn, error) {
+ return func(ctx context.Context, network, addr string) (net.Conn, error) {
+ // TLS dialers do not support context, but we can use the context
+ // deadline if it is set.
+ var deadline time.Time
+ if t, ok := ctx.Deadline(); ok {
+ deadline = t
+ }
+ return tls.DialWithDialer(&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ Deadline: deadline,
+ DualStack: true,
+ }, network, addr, tlsCtx.mutableConfig.TLSConfig())
+ }
+}
+
 // Certificate returns the server or client certificate from the sign response.
 func Certificate(sign *api.SignResponse) (*x509.Certificate, error) {
 if sign.ServerPEM.Certificate == nil {
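Review bot: Cancellation of `ctx` is not honoured in buildDialTLSContext: only the deadline is copied into the net.Dialer, so a request that is cancelled without a deadline leaves the TCP connect and TLS handshake running for up to the 30-second timeout. Where the toolchain provides `tls.Dialer` (Go 1.15 or later), the closure body can become `d := &tls.Dialer{NetDialer: &net.Dialer{Timeout: 30 * time.Second, KeepAlive: 30 * time.Second}, Config: tlsCtx.mutableConfig.TLSConfig()}` followed by `return d.DialContext(ctx, network, addr)`, which still reads the mutable config on every dial. If the current form must stay, the deadline copy can be shortened to `deadline, _ := ctx.Deadline()`, since Deadline returns the zero time when none is set. `DualStack: true` can also be dropped, as the field is deprecated and fast fallback is on by default. The doc comment should state that the returned callback does not observe context cancellation, only its deadline.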