Back to go1.13 tls1.3 behavior
Signed-off-by: Jakub Čajka <jcajka@redhat.com>
This commit is contained in:
parent
8f7b389463
commit
25a05dd355
@ -1,67 +0,0 @@
|
||||
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
|
||||
index ef0b385848..d888d1716f 100644
|
||||
--- a/src/crypto/tls/common.go
|
||||
+++ b/src/crypto/tls/common.go
|
||||
@@ -808,7 +808,7 @@ func (c *Config) supportedVersions(isClient bool) []uint16 {
|
||||
if isClient && v < VersionTLS10 {
|
||||
continue
|
||||
}
|
||||
- // TLS 1.3 is opt-out in Go 1.13.
|
||||
+ // TLS 1.3 is opt-in in Go 1.12.
|
||||
if v == VersionTLS13 && !isTLS13Supported() {
|
||||
continue
|
||||
}
|
||||
@@ -823,11 +823,11 @@ var tls13Support struct {
|
||||
cached bool
|
||||
}
|
||||
|
||||
-// isTLS13Supported returns whether the program enabled TLS 1.3 by not opting
|
||||
-// out with GODEBUG=tls13=0. It's cached after the first execution.
|
||||
+// isTLS13Supported returns whether the program opted into TLS 1.3 via
|
||||
+// GODEBUG=tls13=1. It's cached after the first execution.
|
||||
func isTLS13Supported() bool {
|
||||
tls13Support.Do(func() {
|
||||
- tls13Support.cached = goDebugString("tls13") != "0"
|
||||
+ tls13Support.cached = goDebugString("tls13") == "1"
|
||||
})
|
||||
return tls13Support.cached
|
||||
}
|
||||
diff --git a/src/crypto/tls/tls.go b/src/crypto/tls/tls.go
|
||||
index ba6d5eba15..c42f909b93 100644
|
||||
--- a/src/crypto/tls/tls.go
|
||||
+++ b/src/crypto/tls/tls.go
|
||||
@@ -5,9 +5,14 @@
|
||||
// Package tls partially implements TLS 1.2, as specified in RFC 5246,
|
||||
// and TLS 1.3, as specified in RFC 8446.
|
||||
//
|
||||
-// TLS 1.3 is available on an opt-out basis in Go 1.13. To disable
|
||||
+// TLS 1.3 is available only on an opt-in basis in Go 1.12. To enable
|
||||
// it, set the GODEBUG environment variable (comma-separated key=value
|
||||
-// options) such that it includes "tls13=0".
|
||||
+// options) such that it includes "tls13=1". To enable it from within
|
||||
+// the process, set the environment variable before any use of TLS:
|
||||
+//
|
||||
+// func init() {
|
||||
+// os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
|
||||
+// }
|
||||
package tls
|
||||
|
||||
// BUG(agl): The crypto/tls package only implements some countermeasures
|
||||
diff --git a/src/crypto/tls/tls_test.go b/src/crypto/tls/tls_test.go
|
||||
index b68c074855..5003381c37 100644
|
||||
--- a/src/crypto/tls/tls_test.go
|
||||
+++ b/src/crypto/tls/tls_test.go
|
||||
@@ -23,6 +23,13 @@ import (
|
||||
"time"
|
||||
)
|
||||
|
||||
+func init() {
|
||||
+ // TLS 1.3 is opt-in for Go 1.12, but we want to run most tests with it enabled.
|
||||
+ // TestTLS13Switch below tests the disabled behavior. See Issue 30055.
|
||||
+ tls13Support.Do(func() {}) // defuse the sync.Once
|
||||
+ tls13Support.cached = true
|
||||
+}
|
||||
+
|
||||
var rsaCertPEM = `-----BEGIN CERTIFICATE-----
|
||||
MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
|
||||
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
|
@ -106,7 +106,7 @@
|
||||
|
||||
Name: golang
|
||||
Version: 1.13
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: The Go Programming Language
|
||||
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
|
||||
License: BSD and Public Domain
|
||||
@ -217,7 +217,6 @@ Requires: go-srpm-macros
|
||||
Patch1: 0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
|
||||
Patch2: 0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
|
||||
Patch3: 0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch
|
||||
Patch4: disable-tls13-fornow.patch
|
||||
|
||||
# Having documentation separate was broken
|
||||
Obsoletes: %{name}-docs < 1.1-4
|
||||
@ -344,7 +343,6 @@ Requires: %{name} = %{version}-%{release}
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
|
||||
cp %{SOURCE1} ./src/runtime/
|
||||
|
||||
@ -583,6 +581,9 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Sep 05 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-2
|
||||
- Back to go1.13 tls1.3 behavior
|
||||
|
||||
* Wed Sep 04 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-1
|
||||
- Rebase to go1.13
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user