LEFT | RIGHT |
---|---|
1 // Copyright 2011 The Go Authors. All rights reserved. | 1 // Copyright 2011 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 // HTTP client implementation. See RFC 2616. | 5 // HTTP client implementation. See RFC 2616. |
6 // | 6 // |
7 // This is the low-level Transport implementation of RoundTripper. | 7 // This is the low-level Transport implementation of RoundTripper. |
8 // The high-level interface is in client.go. | 8 // The high-level interface is in client.go. |
9 | 9 |
10 package http | 10 package http |
(...skipping 56 matching lines...) | |
67 Dial func(network, addr string) (net.Conn, error) | 67 Dial func(network, addr string) (net.Conn, error) |
68 | 68 |
69 // TLSClientConfig specifies the TLS configuration to use with | 69 // TLSClientConfig specifies the TLS configuration to use with |
70 // tls.Client. If nil, the default configuration is used. | 70 // tls.Client. If nil, the default configuration is used. |
71 TLSClientConfig *tls.Config | 71 TLSClientConfig *tls.Config |
72 | 72 |
73 // TLSHandshakeTimeout specifies the maximum amount of time waiting to | 73 // TLSHandshakeTimeout specifies the maximum amount of time waiting to |
74 // wait for a TLS handshake. Zero means no timeout. | 74 // wait for a TLS handshake. Zero means no timeout. |
75 TLSHandshakeTimeout time.Duration | 75 TLSHandshakeTimeout time.Duration |
76 | 76 |
77 » // TLSVerifyCallback, if non-nil, is invoked right before hostname | 77 » // TLSVerify optionally specifies a validity check on new TLS client |
bradfitz
2014/08/13 00:48:44
I think I'd drop the word "Callback". Dial and Pro
cee-dub
2014/08/13 07:19:57
Done.
| |
78 » // verification, and offers an opportunity for callers to augment TLS | 78 » // connections. The function must not mutate the Config or connection. |
79 » // policy. The config is the actual built config as augmented with | 79 » // If nil, only the hostname is checked. It is an error to set TLSVerify |
80 » // hostnames, which can be used to change the hostname used for | 80 » // when TLSClientConfig.InsecureSkipVerify is true. |
81 » // verification. If an error is returned, the connection is aborted. | 81 » TLSVerify func(*tls.Conn, *tls.Config) error |
82 » TLSVerifyCallback func(*tls.Conn, *tls.Config) error | |
83 | 82 |
84 // DisableKeepAlives, if true, prevents re-use of TCP connections | 83 // DisableKeepAlives, if true, prevents re-use of TCP connections |
85 // between different HTTP requests. | 84 // between different HTTP requests. |
86 DisableKeepAlives bool | 85 DisableKeepAlives bool |
87 | 86 |
88 // DisableCompression, if true, prevents the Transport from | 87 // DisableCompression, if true, prevents the Transport from |
89 // requesting compression with an "Accept-Encoding: gzip" | 88 // requesting compression with an "Accept-Encoding: gzip" |
90 // request header when the Request contains no existing | 89 // request header when the Request contains no existing |
91 // Accept-Encoding value. If the Transport requests gzip on | 90 // Accept-Encoding value. If the Transport requests gzip on |
92 // its own and gets a gzipped response, it's transparently | 91 // its own and gets a gzipped response, it's transparently |
(...skipping 491 matching lines...) | |
584 err := tlsConn.Handshake() | 583 err := tlsConn.Handshake() |
585 if timer != nil { | 584 if timer != nil { |
586 timer.Stop() | 585 timer.Stop() |
587 } | 586 } |
588 errc <- err | 587 errc <- err |
589 }() | 588 }() |
590 if err := <-errc; err != nil { | 589 if err := <-errc; err != nil { |
591 plainConn.Close() | 590 plainConn.Close() |
592 return nil, err | 591 return nil, err |
593 } | 592 } |
594 » » if t.TLSVerifyCallback != nil { | 593 » » if err := t.tlsVerify(tlsConn, cfg); err != nil { |
595 » » » if err := t.TLSVerifyCallback(tlsConn, cfg); err != nil { | 594 » » » plainConn.Close() |
596 » » » » return nil, err | 595 » » » return nil, err |
597 » » » } | |
598 » » } | |
599 » » if !cfg.InsecureSkipVerify { | |
600 » » » if err := tlsConn.VerifyHostname(cfg.ServerName); err != nil { | |
601 » » » » plainConn.Close() | |
602 » » » » return nil, err | |
603 » » » } | |
604 } | 596 } |
605 cs := tlsConn.ConnectionState() | 597 cs := tlsConn.ConnectionState() |
606 pconn.tlsState = &cs | 598 pconn.tlsState = &cs |
607 pconn.conn = tlsConn | 599 pconn.conn = tlsConn |
608 } | 600 } |
609 | 601 |
610 pconn.br = bufio.NewReader(noteEOFReader{pconn.conn, &pconn.sawEOF}) | 602 pconn.br = bufio.NewReader(noteEOFReader{pconn.conn, &pconn.sawEOF}) |
611 pconn.bw = bufio.NewWriter(pconn.conn) | 603 pconn.bw = bufio.NewWriter(pconn.conn) |
612 go pconn.readLoop() | 604 go pconn.readLoop() |
613 go pconn.writeLoop() | 605 go pconn.writeLoop() |
614 return pconn, nil | 606 return pconn, nil |
607 } | |
608 | |
609 // tlsVerify returns errors from a call to either of TLSVerify or VerifyHostname | |
610 // unless InsecureSkipVerify is set. | |
611 func (t *Transport) tlsVerify(conn *tls.Conn, cfg *tls.Config) error { | |
612 if cfg.InsecureSkipVerify { | |
613 if t.TLSVerify != nil { | |
614 return errors.New("http: may not set both TLSVerify in t he Transport and InsecureSkipVerify in the tls.Config") | |
615 } | |
616 return nil | |
617 } | |
618 | |
619 if t.TLSVerify != nil { | |
620 return t.TLSVerify(conn, cfg) | |
621 } | |
622 return conn.VerifyHostname(cfg.ServerName) | |
615 } | 623 } |
616 | 624 |
617 // useProxy returns true if requests to addr should use a proxy, | 625 // useProxy returns true if requests to addr should use a proxy, |
618 // according to the NO_PROXY or no_proxy environment variable. | 626 // according to the NO_PROXY or no_proxy environment variable. |
619 // addr is always a canonicalAddr with a host and port. | 627 // addr is always a canonicalAddr with a host and port. |
620 func useProxy(addr string) bool { | 628 func useProxy(addr string) bool { |
621 if len(addr) == 0 { | 629 if len(addr) == 0 { |
622 return true | 630 return true |
623 } | 631 } |
624 host, _, err := net.SplitHostPort(addr) | 632 host, _, err := net.SplitHostPort(addr) |
(...skipping 586 matching lines...) | |
1211 sawEOF *bool | 1219 sawEOF *bool |
1212 } | 1220 } |
1213 | 1221 |
1214 func (nr noteEOFReader) Read(p []byte) (n int, err error) { | 1222 func (nr noteEOFReader) Read(p []byte) (n int, err error) { |
1215 n, err = nr.r.Read(p) | 1223 n, err = nr.r.Read(p) |
1216 if err == io.EOF { | 1224 if err == io.EOF { |
1217 *nr.sawEOF = true | 1225 *nr.sawEOF = true |
1218 } | 1226 } |
1219 return | 1227 return |
1220 } | 1228 } |
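Review bot: In the new `tlsVerify` helper (right-hand lines 619-622), a non-nil TLSVerify replaces the hostname check instead of running in addition to it: the function returns `t.TLSVerify(conn, cfg)` and never reaches `conn.VerifyHostname(cfg.ServerName)`, whereas the left-hand side ran the callback and then VerifyHostname. A caller who sets TLSVerify only to add a check (a key pin, say) would, as far as this function shows, drop the post-handshake hostname verification, and the field comment's "If nil, only the hostname is checked" does not state that. Either keep both checks by changing the body of the existing nil check to `if err := t.TLSVerify(conn, cfg); err != nil { return err }` and falling through to `return conn.VerifyHostname(cfg.ServerName)`, or say in the TLSVerify doc comment that the function then becomes solely responsible for verifying the peer name. Whether the handshake itself still validates the name depends on how cfg is built in the skipped lines, so this should be confirmed against the rest of dialConn.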