Upgrades to Go 1.7 and fixes vet finding and TLS behavior change. (#2281)

* Upgrades to Go 1.7 and fixes vet finding and TLS behavior change. * Fixes unit tests in a better manner by closing the client connection on errors. We traced through and realized that https://github.com/golang/go/issues/15709 causes the output from the client to get buffered, which cuts off the alert feedback due to the flush() call getting bypassed by the error return.
8 years ago · 6de74c60a4
5 changed files with 42 additions and 10 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -1,7 +1,7 @@
 language: go

 go:
-  - 1.6.3
+  - 1.7.3

 branches:
  only:
--- a/README.md
+++ b/README.md
@ -42,7 +42,7 @@ https://www.consul.io/docs
 ## Developing Consul

 If you wish to work on Consul itself, you'll first need [Go](https://golang.org)
-installed (version 1.6+ is _required_). Make sure you have Go properly installed,
+installed (version 1.7+ is _required_). Make sure you have Go properly installed,
 including setting up your [GOPATH](https://golang.org/doc/code.html#GOPATH).

 Next, clone this repository into `$GOPATH/src/github.com/hashicorp/consul` and
@ -64,7 +64,7 @@ format the code according to Go standards.

 ### Building Consul on Windows

-Make sure Go 1.6+ is installed on your system and that the Go command is in your
+Make sure Go 1.7+ is installed on your system and that the Go command is in your
 %PATH%.

 For building Consul on Windows, you also need to have MinGW installed.
--- a/scripts/consul-builder/Dockerfile
+++ b/scripts/consul-builder/Dockerfile
@ -1,6 +1,6 @@
 FROM ubuntu:trusty

-ENV GOVERSION 1.6.3
+ENV GOVERSION 1.7.3

 RUN apt-get update -y && \
    apt-get install --no-install-recommends -y -q \
--- a/tlsutil/config.go
+++ b/tlsutil/config.go
@ -143,6 +143,39 @@ func (c *Config) OutgoingTLSConfig() (*tls.Config, error) {
 	return tlsConfig, nil
 }

+// Clone returns a copy of c. Only the exported fields are copied. This
+// was copied from https://golang.org/src/crypto/tls/common.go since that
+// isn't exported and Go 1.7's vet uncovered an unsafe copy of a mutex in
+// here.
+//
+// TODO (slackpad) - This can be removed once we move to Go 1.8, see
+// https://github.com/golang/go/commit/d24f446 for details.
+func clone(c *tls.Config) *tls.Config {
+	return &tls.Config{
+		Rand:                        c.Rand,
+		Time:                        c.Time,
+		Certificates:                c.Certificates,
+		NameToCertificate:           c.NameToCertificate,
+		GetCertificate:              c.GetCertificate,
+		RootCAs:                     c.RootCAs,
+		NextProtos:                  c.NextProtos,
+		ServerName:                  c.ServerName,
+		ClientAuth:                  c.ClientAuth,
+		ClientCAs:                   c.ClientCAs,
+		InsecureSkipVerify:          c.InsecureSkipVerify,
+		CipherSuites:                c.CipherSuites,
+		PreferServerCipherSuites:    c.PreferServerCipherSuites,
+		SessionTicketsDisabled:      c.SessionTicketsDisabled,
+		SessionTicketKey:            c.SessionTicketKey,
+		ClientSessionCache:          c.ClientSessionCache,
+		MinVersion:                  c.MinVersion,
+		MaxVersion:                  c.MaxVersion,
+		CurvePreferences:            c.CurvePreferences,
+		DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled,
+		Renegotiation:               c.Renegotiation,
+	}
+}
+
 // OutgoingTLSWrapper returns a a DCWrapper based on the OutgoingTLS
 // configuration. If hostname verification is on, the wrapper
 // will properly generate the dynamic server name for verification.
@ -164,9 +197,9 @@ func (c *Config) OutgoingTLSWrapper() (DCWrapper, error) {
 	// Generate the wrapper based on hostname verification
 	if c.VerifyServerHostname {
 		wrapper := func(dc string, conn net.Conn) (net.Conn, error) {
-			conf := *tlsConfig
+			conf := clone(tlsConfig)
 			conf.ServerName = "server." + dc + "." + domain
-			return WrapTLSClient(conn, &conf)
+			return WrapTLSClient(conn, conf)
 		}
 		return wrapper, nil
 	} else {
--- a/tlsutil/config_test.go
+++ b/tlsutil/config_test.go
@ -207,6 +207,7 @@ func startTLSServer(config *Config) (net.Conn, chan error) {
 			errc <- err
 		}
 		close(errc)
+
 		// Because net.Pipe() is unbuffered, if both sides
 		// Close() simultaneously, we will deadlock as they
 		// both send an alert and then block. So we make the
@ -276,12 +277,11 @@ func TestConfig_outgoingWrapper_BadDC(t *testing.T) {
 	if err != nil {
 		t.Fatalf("wrapTLS err: %v", err)
 	}
-	defer tlsClient.Close()
 	err = tlsClient.(*tls.Conn).Handshake()
-
 	if _, ok := err.(x509.HostnameError); !ok {
 		t.Fatalf("should get hostname err: %v", err)
 	}
+	tlsClient.Close()

 	<-errc
 }
@ -309,12 +309,11 @@ func TestConfig_outgoingWrapper_BadCert(t *testing.T) {
 	if err != nil {
 		t.Fatalf("wrapTLS err: %v", err)
 	}
-	defer tlsClient.Close()
 	err = tlsClient.(*tls.Conn).Handshake()
-
 	if _, ok := err.(x509.HostnameError); !ok {
 		t.Fatalf("should get hostname err: %v", err)
 	}
+	tlsClient.Close()

 	<-errc
 }