Skip to content
This repository has been archived by the owner on Aug 19, 2022. It is now read-only.

Commit

Permalink
use tls.Conn.HandshakeContext instead of tls.Conn.Handshake (#106)
Browse files Browse the repository at this point in the history
* use tls.Conn.HandshakeContext instead of tls.Conn.Handshake

* make sure that crypto/tls picks up the handshake ctx cancelation in tests
  • Loading branch information
marten-seemann authored Apr 10, 2022
1 parent 160adad commit 5c27a1e
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 49 deletions.
51 changes: 3 additions & 48 deletions transport.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ import (
"crypto/tls"
"errors"
"net"
"sync"

ci "github.com/libp2p/go-libp2p-core/crypto"
"github.com/libp2p/go-libp2p-core/peer"
Expand Down Expand Up @@ -71,44 +70,8 @@ func (t *Transport) SecureOutbound(ctx context.Context, insecure net.Conn, p pee
return cs, err
}

func (t *Transport) handshake(
ctx context.Context,
tlsConn *tls.Conn,
keyCh <-chan ci.PubKey,
) (sec.SecureConn, error) {
// There's no way to pass a context to tls.Conn.Handshake().
// See https://github.com/golang/go/issues/18482.
// Close the connection instead.
select {
case <-ctx.Done():
tlsConn.Close()
default:
}

done := make(chan struct{})
var wg sync.WaitGroup

// Ensure that we do not return before
// either being done or having a context
// cancellation.
defer wg.Wait()
defer close(done)

wg.Add(1)
go func() {
defer wg.Done()
select {
case <-done:
case <-ctx.Done():
tlsConn.Close()
}
}()

if err := tlsConn.Handshake(); err != nil {
// if the context was canceled, return the context error
if ctxErr := ctx.Err(); ctxErr != nil {
return nil, ctxErr
}
func (t *Transport) handshake(ctx context.Context, tlsConn *tls.Conn, keyCh <-chan ci.PubKey) (sec.SecureConn, error) {
if err := tlsConn.HandshakeContext(ctx); err != nil {
return nil, err
}

Expand All @@ -122,15 +85,7 @@ func (t *Transport) handshake(
return nil, errors.New("go-libp2p-tls BUG: expected remote pub key to be set")
}

conn, err := t.setupConn(tlsConn, remotePubKey)
if err != nil {
// if the context was canceled, return the context error
if ctxErr := ctx.Err(); ctxErr != nil {
return nil, ctxErr
}
return nil, err
}
return conn, nil
return t.setupConn(tlsConn, remotePubKey)
}

func (t *Transport) setupConn(tlsConn *tls.Conn, remotePubKey ci.PubKey) (sec.SecureConn, error) {
Expand Down
15 changes: 14 additions & 1 deletion transport_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,19 @@ func TestHandshakeSucceeds(t *testing.T) {
})
}

// crypto/tls' cancellation logic works by spinning up a separate Go routine that watches the ctx.
// If the ctx is canceled, it kills the handshake.
// We need to make sure that the handshake doesn't complete before that Go routine picks up the cancellation.
type delayedConn struct {
net.Conn
delay time.Duration
}

func (c *delayedConn) Read(b []byte) (int, error) {
time.Sleep(c.delay)
return c.Conn.Read(b)
}

func TestHandshakeConnectionCancelations(t *testing.T) {
_, clientKey := createPeer(t)
serverID, serverKey := createPeer(t)
Expand Down Expand Up @@ -152,7 +165,7 @@ func TestHandshakeConnectionCancelations(t *testing.T) {
go func() {
ctx, cancel := context.WithCancel(context.Background())
cancel()
_, err := serverTransport.SecureInbound(ctx, serverInsecureConn, "")
_, err := serverTransport.SecureInbound(ctx, &delayedConn{Conn: serverInsecureConn, delay: 5 * time.Millisecond}, "")
errChan <- err
}()
_, err = clientTransport.SecureOutbound(context.Background(), clientInsecureConn, serverID)
Expand Down

0 comments on commit 5c27a1e

Please sign in to comment.