|
|
@ -61,6 +61,25 @@ func (s *Server) handleConn(conn net.Conn) {
|
|
|
|
return
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Check if entering TLS mode
|
|
|
|
|
|
|
|
isTLS := false
|
|
|
|
|
|
|
|
if RPCType(buf[0]) == rpcTLS {
|
|
|
|
|
|
|
|
if s.rpcTLS == nil {
|
|
|
|
|
|
|
|
s.logger.Printf("[WARN] consul.rpc: TLS connection attempted, server not configured for TLS")
|
|
|
|
|
|
|
|
conn.Close()
|
|
|
|
|
|
|
|
return
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
conn = tls.Server(conn, s.rpcTLS)
|
|
|
|
|
|
|
|
isTLS = true
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Enforce TLS if VerifyIncoming is set
|
|
|
|
|
|
|
|
if s.config.VerifyIncoming && !isTLS {
|
|
|
|
|
|
|
|
s.logger.Printf("[WARN] consul.rpc: Non-TLS connection attempted with VerifyIncoming set")
|
|
|
|
|
|
|
|
conn.Close()
|
|
|
|
|
|
|
|
return
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Switch on the byte
|
|
|
|
// Switch on the byte
|
|
|
|
switch RPCType(buf[0]) {
|
|
|
|
switch RPCType(buf[0]) {
|
|
|
|
case rpcConsul:
|
|
|
|
case rpcConsul:
|
|
|
@ -73,15 +92,6 @@ func (s *Server) handleConn(conn net.Conn) {
|
|
|
|
case rpcMultiplex:
|
|
|
|
case rpcMultiplex:
|
|
|
|
s.handleMultiplex(conn)
|
|
|
|
s.handleMultiplex(conn)
|
|
|
|
|
|
|
|
|
|
|
|
case rpcTLS:
|
|
|
|
|
|
|
|
if s.rpcTLS == nil {
|
|
|
|
|
|
|
|
s.logger.Printf("[WARN] consul.rpc: TLS connection attempted, server not configured for TLS")
|
|
|
|
|
|
|
|
conn.Close()
|
|
|
|
|
|
|
|
return
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
conn = tls.Server(conn, s.rpcTLS)
|
|
|
|
|
|
|
|
s.handleConn(conn)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
default:
|
|
|
|
s.logger.Printf("[ERR] consul.rpc: unrecognized RPC byte: %v", buf[0])
|
|
|
|
s.logger.Printf("[ERR] consul.rpc: unrecognized RPC byte: %v", buf[0])
|
|
|
|
conn.Close()
|
|
|
|
conn.Close()
|
|
|
|