diff --git a/transport/internet/dialer.go b/transport/internet/dialer.go
index e32a4c29..e39f8f20 100644
--- a/transport/internet/dialer.go
+++ b/transport/internet/dialer.go
@@ -20,6 +20,7 @@ func RegisterTransportDialer(protocol TransportProtocol, dialer Dialer) error {
 return nil
 }
 
+// Dial dials a internet connection towards the given destination.
 func Dial(ctx context.Context, dest net.Destination) (Connection, error) {
 if dest.Network == net.Network_TCP {
 streamSettings := StreamSettingsFromContext(ctx)
diff --git a/transport/internet/tls/config.go b/transport/internet/tls/config.go
index 81ad40a4..2f685b85 100644
--- a/transport/internet/tls/config.go
+++ b/transport/internet/tls/config.go
@@ -23,6 +23,7 @@ func ParseCertificate(c *cert.Certificate) *Certificate {
 }
 }
 
+// BuildCertificates builds a list of TLS certificates from proto definition.
 func (c *Config) BuildCertificates() []tls.Certificate {
 certs := make([]tls.Certificate, 0, len(c.Certificate))
 for _, entry := range c.Certificate {
@@ -118,10 +119,11 @@ func getGetCertificateFunc(c *tls.Config, ca []*Certificate) func(hello *tls.Cli
 }
 }
 
+// GetTLSConfig converts this Config into tls.Config.
 func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 config := &tls.Config{
 ClientSessionCache: globalSessionCache,
-RootCAs: c.GetCertPool(),
+RootCAs: c.getCertPool(),
 }
 if c == nil {
 return config
@@ -153,8 +155,10 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 return config
 }
 
+// Option for building TLS config.
 type Option func(*tls.Config)
 
+// WithDestination sets the server name in TLS config.
 func WithDestination(dest net.Destination) Option {
 return func(config *tls.Config) {
 if dest.Address.Family().IsDomain() && len(config.ServerName) == 0 {
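Review bot: The new doc comment on Dial has a grammar slip in `a internet connection`; suggest `// Dial dials an internet connection towards the given destination.` so godoc reads cleanly. The body of Dial continues past the end of this hunk, so nothing else in it can be reviewed here.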
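Review bot: `RootCAs: c.getCertPool()` is evaluated before the `if c == nil` guard that follows it, so a nil *Config is handed to getCertPool on every call; the non-Windows getCertPool in this same commit goes on to call x509.SystemCertPool, and if its tail (outside this diff) reads `c.Certificate` directly rather than through the nil-safe generated getter, the dereference panics before the guard is ever reached. Moving the guard ahead of the literal keeps the intended nil-tolerance without changing verification, since a nil RootCAs also means the host root set: `config := &tls.Config{ClientSessionCache: globalSessionCache}`, `if c == nil { return config }`, `config.RootCAs = c.getCertPool()`. Separately, the Windows getCertPool returns nil unconditionally, so if the other build folds Config.Certificate into the pool as roots, that behavior is silently absent on Windows and the new doc comment should say so, e.g. `// GetTLSConfig converts this Config into tls.Config. On Windows the host root store is used as-is.` GetTLSConfig's body continues outside this hunk.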
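Review bot: The new comment `WithDestination sets the server name in TLS config` overstates what the option does: the line below it only acts when `dest.Address.Family().IsDomain()` holds and `config.ServerName` is still empty, so an IP destination or an already-configured name is left untouched. Because ServerName is the name crypto/tls verifies the server certificate against, the condition belongs in the doc: `// WithDestination sets ServerName to dest's domain name, but only if dest is a domain and no ServerName was configured yet.` WithDestination's body continues outside this hunk.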
@@ -163,6 +167,7 @@ func WithDestination(dest net.Destination) Option {
 }
 }
 
+// WithNextProto sets the ALPN values in TLS config.
 func WithNextProto(protocol ...string) Option {
 return func(config *tls.Config) {
 if len(config.NextProtos) == 0 {
@@ -171,6 +176,7 @@ func WithNextProto(protocol ...string) Option {
 }
 }
 
+// ConfigFromContext fetches Config from context. Nil if not found.
 func ConfigFromContext(ctx context.Context) *Config {
 securitySettings := internet.SecuritySettingsFromContext(ctx)
 if securitySettings == nil {
diff --git a/transport/internet/tls/config_other.go b/transport/internet/tls/config_other.go
index f667e8b9..76bae39a 100644
--- a/transport/internet/tls/config_other.go
+++ b/transport/internet/tls/config_other.go
@@ -4,7 +4,7 @@ package tls
 
 import "crypto/x509"
 
-func (c *Config) GetCertPool() *x509.CertPool {
+func (c *Config) getCertPool() *x509.CertPool {
 pool, err := x509.SystemCertPool()
 if err != nil {
 newError("failed to get system cert pool.").Base(err).WriteToLog()
diff --git a/transport/internet/tls/config_windows.go b/transport/internet/tls/config_windows.go
index 173982e3..84f0054e 100644
--- a/transport/internet/tls/config_windows.go
+++ b/transport/internet/tls/config_windows.go
@@ -4,6 +4,6 @@ package tls
 
 import "crypto/x509"
 
-func (c *Config) GetCertPool() *x509.CertPool {
+func (c *Config) getCertPool() *x509.CertPool {
 return nil
 }
diff --git a/transport/internet/tls/tls.go b/transport/internet/tls/tls.go
index 7ce8ecba..63f750fb 100644
--- a/transport/internet/tls/tls.go
+++ b/transport/internet/tls/tls.go
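Review bot: `WithNextProto sets the ALPN values in TLS config` omits the guard visible on the hunk's last line: the option only applies when `len(config.NextProtos) == 0`, so a NextProtos list that was set earlier wins over the `protocol` values passed here (presumably the branch body, which is outside the hunk, assigns them). Suggest `// WithNextProto sets the ALPN protocols to advertise, unless NextProtos is already set.` so callers do not expect it to override. The rest of WithNextProto is outside this hunk.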
@@ -29,11 +29,13 @@ func (c *conn) WriteMultiBuffer(mb buf.MultiBuffer) error {
 return c.mergingWriter.Flush()
 }
 
+// Client initiates a TLS client handshake on the given connection.
 func Client(c net.Conn, config *tls.Config) net.Conn {
 tlsConn := tls.Client(c, config)
 return &conn{Conn: tlsConn}
 }
 
+// Server initiates a TLS server handshake on the given connection.
 func Server(c net.Conn, config *tls.Config) net.Conn {
 tlsConn := tls.Server(c, config)
 return &conn{Conn: tlsConn}
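Review bot: The comments `Client initiates a TLS client handshake` and `Server initiates a TLS server handshake` describe something these functions do not do: crypto/tls's `tls.Client` and `tls.Server` only wrap the connection, and the handshake — including certificate and ServerName verification on the client side — runs on the first Read or Write (or an explicit Handshake call), so verification failures surface from later I/O rather than from here. crypto/tls also documents that config must be non-nil for both and that a Server config needs a certificate or GetCertificate; neither wrapper checks this, so a bad config fails only when the deferred handshake runs. Suggest `// Client wraps c as the client side of a TLS connection; the handshake (and certificate verification) runs lazily on first I/O.` and the matching wording for Server.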