consul: Simplify TLS handling in RPC server

pull/28/head
Armon Dadgar 11 years ago
parent 592953309e
commit 39a55953af

@ -45,14 +45,14 @@ func (s *Server) listen() {
s.rpcClients[conn] = struct{}{}
s.rpcClientLock.Unlock()
go s.handleConn(conn)
go s.handleConn(conn, false)
metrics.IncrCounter([]string{"consul", "rpc", "accept_conn"}, 1)
}
}
// handleConn is used to determine if this is a Raft or
// Consul type RPC connection and invoke the correct handler
func (s *Server) handleConn(conn net.Conn) {
func (s *Server) handleConn(conn net.Conn, isTLS bool) {
// Read a single byte
buf := make([]byte, 1)
if _, err := conn.Read(buf); err != nil {
@ -61,20 +61,8 @@ func (s *Server) handleConn(conn net.Conn) {
return
}
// Check if entering TLS mode
isTLS := false
if RPCType(buf[0]) == rpcTLS {
if s.rpcTLS == nil {
s.logger.Printf("[WARN] consul.rpc: TLS connection attempted, server not configured for TLS")
conn.Close()
return
}
conn = tls.Server(conn, s.rpcTLS)
isTLS = true
}
// Enforce TLS if VerifyIncoming is set
if s.config.VerifyIncoming && !isTLS {
if s.config.VerifyIncoming && !isTLS && RPCType(buf[0]) != rpcTLS {
s.logger.Printf("[WARN] consul.rpc: Non-TLS connection attempted with VerifyIncoming set")
conn.Close()
return
@ -92,6 +80,15 @@ func (s *Server) handleConn(conn net.Conn) {
case rpcMultiplex:
s.handleMultiplex(conn)
case rpcTLS:
if s.rpcTLS == nil {
s.logger.Printf("[WARN] consul.rpc: TLS connection attempted, server not configured for TLS")
conn.Close()
return
}
conn = tls.Server(conn, s.rpcTLS)
s.handleConn(conn, true)
default:
s.logger.Printf("[ERR] consul.rpc: unrecognized RPC byte: %v", buf[0])
conn.Close()

Loading…
Cancel
Save