Commit 09eb5889 authored by Brad Fitzpatrick's avatar Brad Fitzpatrick

net/http: return error from Serve if http2.ConfigureServer returns an error

In https://golang.org/cl/15860 http2.ConfigureServer was changed to
return an error if explicit CipherSuites are listed and they're not
compliant with the HTTP/2 spec.

This is the net/http side of the change, to look at the return value
from ConfigureServer and propagate it in Server.Serve.

h2_bundle.go will be updated in a future CL. There are too many other
http2 changes pending to be worth updating it now. Instead,
h2_bundle.go is minimally updated by hand in this CL so at least the
net/http change will compile.

Updates #12895

Change-Id: I4df7a097faff2d235742c2d310c333bd3fd5c08e
Reviewed-on: https://go-review.googlesource.com/16065Reviewed-by: 's avatarAndrew Gerrand <adg@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
parent d4a7ea1b
......@@ -1815,7 +1815,7 @@ func (s *http2Server) maxConcurrentStreams() uint32 {
// The configuration conf may be nil.
//
// ConfigureServer must be called before s begins serving.
func http2ConfigureServer(s *Server, conf *http2Server) {
func http2ConfigureServer(s *Server, conf *http2Server) error {
if conf == nil {
conf = new(http2Server)
}
......@@ -1861,6 +1861,7 @@ func http2ConfigureServer(s *Server, conf *http2Server) {
}
s.TLSNextProto[http2NextProtoTLS] = protoHandler
s.TLSNextProto["h2-14"] = protoHandler
return nil // temporary manual edit to h2_bundle.go, to be deleted once we update from x/net again
}
func (srv *http2Server) handleConn(hs *Server, c net.Conn, h Handler) {
......
......@@ -1808,6 +1808,7 @@ type Server struct {
disableKeepAlives int32 // accessed atomically.
nextProtoOnce sync.Once // guards initialization of TLSNextProto in Serve
nextProtoErr error
}
// A ConnState represents the state of a client connection to a server.
......@@ -1898,6 +1899,10 @@ func (srv *Server) Serve(l net.Listener) error {
defer l.Close()
var tempDelay time.Duration // how long to sleep on accept failure
srv.nextProtoOnce.Do(srv.setNextProtoDefaults)
if srv.nextProtoErr != nil {
// Error from http2 ConfigureServer (e.g. bad ciphersuites)
return srv.nextProtoErr
}
for {
rw, e := l.Accept()
if e != nil {
......@@ -2054,11 +2059,13 @@ func (srv *Server) ListenAndServeTLS(certFile, keyFile string) error {
return srv.Serve(tlsListener)
}
// setNextProtoDefaults configures HTTP/2.
// It must only be called via srv.nextProtoOnce.
func (srv *Server) setNextProtoDefaults() {
// Enable HTTP/2 by default if the user hasn't otherwise
// configured their TLSNextProto map.
if srv.TLSNextProto == nil {
http2ConfigureServer(srv, nil)
srv.nextProtoErr = http2ConfigureServer(srv, nil)
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment