File tree Expand file tree Collapse file tree 2 files changed +22
-0
lines changed Expand file tree Collapse file tree 2 files changed +22
-0
lines changed Original file line number Diff line number Diff line change @@ -315,6 +315,9 @@ func (o *Options) clientConfig() (*tls.Config, error) {
315
315
// the setting int the right place.
316
316
if o .RootOptions .RootCACerts != nil {
317
317
o .RootOptions .RootCertificates = o .RootOptions .RootCACerts
318
+ // There are additional checks that only 1 field of `RootOptions` is
319
+ // non-nil, so set the deprecated field to nil
320
+ o .RootOptions .RootCACerts = nil
318
321
}
319
322
if o .VerificationType == SkipVerification && o .AdditionalPeerVerification == nil {
320
323
return nil , fmt .Errorf ("client needs to provide custom verification mechanism if choose to skip default verification" )
@@ -425,6 +428,9 @@ func (o *Options) serverConfig() (*tls.Config, error) {
425
428
// the setting int the right place.
426
429
if o .RootOptions .RootCACerts != nil {
427
430
o .RootOptions .RootCertificates = o .RootOptions .RootCACerts
431
+ // There are additional checks that only 1 field of `RootOptions` is
432
+ // non-nil, so set the deprecated field to nil
433
+ o .RootOptions .RootCACerts = nil
428
434
}
429
435
if o .RequireClientCert && o .VerificationType == SkipVerification && o .AdditionalPeerVerification == nil {
430
436
return nil , fmt .Errorf ("server needs to provide custom verification mechanism if choose to skip default verification, but require client certificate(s)" )
Original file line number Diff line number Diff line change @@ -188,6 +188,13 @@ func (s) TestClientOptionsConfigSuccessCases(t *testing.T) {
188
188
MinVersion : tls .VersionTLS12 ,
189
189
MaxVersion : tls .VersionTLS13 ,
190
190
},
191
+ {
192
+ desc : "Deprecated option is set and forwarded" ,
193
+ clientVerificationType : CertVerification ,
194
+ RootOptions : RootCertificateOptions {
195
+ RootCACerts : x509 .NewCertPool (),
196
+ },
197
+ },
191
198
}
192
199
for _ , test := range tests {
193
200
test := test
@@ -351,6 +358,15 @@ func (s) TestServerOptionsConfigSuccessCases(t *testing.T) {
351
358
MinVersion : tls .VersionTLS12 ,
352
359
MaxVersion : tls .VersionTLS13 ,
353
360
},
361
+ {
362
+ desc : "Deprecated option is set and forwarded" ,
363
+ IdentityOptions : IdentityCertificateOptions {
364
+ Certificates : []tls.Certificate {},
365
+ },
366
+ RootOptions : RootCertificateOptions {
367
+ RootCACerts : x509 .NewCertPool (),
368
+ },
369
+ },
354
370
}
355
371
for _ , test := range tests {
356
372
test := test
You can’t perform that action at this time.
0 commit comments