Back to go1.13 tls1.3 behavior

Signed-off-by: Jakub Čajka <jcajka@redhat.com>
2019-09-05 13:52:39 +02:00 · 2019-09-05 13:52:39 +02:00 · 25a05dd355
parent 8f7b389463
commit 25a05dd355
2 changed files with 4 additions and 70 deletions
--- a/disable-tls13-fornow.patch
+++ b/disable-tls13-fornow.patch
@ -1,67 +0,0 @@
-diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
-index ef0b385848..d888d1716f 100644
--- a/src/crypto/tls/common.go
-+++ b/src/crypto/tls/common.go
-@@ -808,7 +808,7 @@ func (c *Config) supportedVersions(isClient bool) []uint16 {
- 		if isClient && v < VersionTLS10 {
- 			continue
- 		}
-		// TLS 1.3 is opt-out in Go 1.13.
-+		// TLS 1.3 is opt-in in Go 1.12.
- 		if v == VersionTLS13 && !isTLS13Supported() {
- 			continue
- 		}
-@@ -823,11 +823,11 @@ var tls13Support struct {
- 	cached bool
- }
- 
-// isTLS13Supported returns whether the program enabled TLS 1.3 by not opting
-// out with GODEBUG=tls13=0. It's cached after the first execution.
-+// isTLS13Supported returns whether the program opted into TLS 1.3 via
-+// GODEBUG=tls13=1. It's cached after the first execution.
- func isTLS13Supported() bool {
- 	tls13Support.Do(func() {
-		tls13Support.cached = goDebugString("tls13") != "0"
-+		tls13Support.cached = goDebugString("tls13") == "1"
- 	})
- 	return tls13Support.cached
- }
-diff --git a/src/crypto/tls/tls.go b/src/crypto/tls/tls.go
-index ba6d5eba15..c42f909b93 100644
--- a/src/crypto/tls/tls.go
-+++ b/src/crypto/tls/tls.go
-@@ -5,9 +5,14 @@
- // Package tls partially implements TLS 1.2, as specified in RFC 5246,
- // and TLS 1.3, as specified in RFC 8446.
- //
-// TLS 1.3 is available on an opt-out basis in Go 1.13. To disable
-+// TLS 1.3 is available only on an opt-in basis in Go 1.12. To enable
- // it, set the GODEBUG environment variable (comma-separated key=value
-// options) such that it includes "tls13=0".
-+// options) such that it includes "tls13=1". To enable it from within
-+// the process, set the environment variable before any use of TLS:
-+//
-+//     func init() {
-+//         os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
-+//     }
- package tls
- 
- // BUG(agl): The crypto/tls package only implements some countermeasures
-diff --git a/src/crypto/tls/tls_test.go b/src/crypto/tls/tls_test.go
-index b68c074855..5003381c37 100644
--- a/src/crypto/tls/tls_test.go
-+++ b/src/crypto/tls/tls_test.go
-@@ -23,6 +23,13 @@ import (
- 	"time"
- )
- 
-+func init() {
-+	// TLS 1.3 is opt-in for Go 1.12, but we want to run most tests with it enabled.
-+	// TestTLS13Switch below tests the disabled behavior. See Issue 30055.
-+	tls13Support.Do(func() {}) // defuse the sync.Once
-+	tls13Support.cached = true
-+}
-+
- var rsaCertPEM = `-----BEGIN CERTIFICATE-----
- MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
- BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
--- a/golang.spec
+++ b/golang.spec
@ -106,7 +106,7 @@

 Name:           golang
 Version:        1.13
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@ -217,7 +217,6 @@ Requires:       go-srpm-macros
 Patch1:       0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
 Patch2:       0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
 Patch3:       0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch
-Patch4:       disable-tls13-fornow.patch

 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@ -344,7 +343,6 @@ Requires:       %{name} = %{version}-%{release}
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
-%patch4 -p1

 cp %{SOURCE1} ./src/runtime/

@ -583,6 +581,9 @@ fi
 %endif

 %changelog
+* Thu Sep 05 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-2
+- Back to go1.13 tls1.3 behavior
+
 * Wed Sep 04 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-1
 - Rebase to go1.13