WIP: Allow the customization of the TLS connection #592

Open; wants to merge 1 commit into base: master
6 changes: 6 additions & 0 deletions mssql.go
Expand Up @@ -2,6 +2,7 @@ package mssql

import (
"context"
"crypto/tls"
"database/sql"
"database/sql/driver"
"encoding/binary"
Expand Down Expand Up @@ -126,6 +127,11 @@ type Connector struct {
// Dialer sets a custom dialer for all network operations.
// If Dialer is not set, normal net dialers are used.
Dialer Dialer

// Called to create a new and customized TLS connection.
// If NewTLSConn is not set, tls.Client is called to create the
// TLS connection.
NewTLSConn func(conn net.Conn, config *tls.Config) *tls.Conn
}

type Dialer interface {
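Review bot: the doc comment on NewTLSConn should state the contract the call site in tds.go depends on: config arrives already populated by the driver (the tds.go TODO mentions p.hostInCertificate, i.e. the hostname the server certificate is checked against), the callback is expected to honour that config rather than build a fresh tls.Config, and returning nil is not tolerated. Something like:
// NewTLSConn, if set, is called instead of tls.Client to create the TLS connection.
// config is built by the driver from the connection parameters and must be applied;
// returning nil is treated as a connection error.
Keeping the same signature as tls.Client, as the owner suggests, is fine, but without this wording a custom implementation that ignores config silently drops the driver's certificate verification settings.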
16 changes: 15 additions & 1 deletion tds.go
Expand Up @@ -934,7 +934,21 @@ initiate_connection:
// setting up connection handler which will allow wrapping of TLS handshake packets inside TDS stream
handshakeConn := tlsHandshakeConn{buf: outbuf}
passthrough := passthroughConn{c: &handshakeConn}
tlsConn := tls.Client(&passthrough, &config)
var tlsConn *tls.Conn
if c.NewTLSConn != nil {
// TODO modify NewTLSConn to also return an err? and bail if err?
Owner: I think it is better to have NewTLSConn have the same interface as tls.Client, so the current implementation should be OK.

// TODO should NewTLSConn have a config argument? it will be
// passed initialized, which might be odd?
// the rationale being, if you set NewTLSConn, you should
// known what you are doing, and it should only be
// c.NewTLSConn(&passthrough)? But then again... how to
// access connectParams for getting, at least,
// p.hostInCertificate?
tlsConn = c.NewTLSConn(&passthrough, &config)
} else {
tlsConn = tls.Client(&passthrough, &config)
}
// TODO err when tlsConn is nil?
err = tlsConn.Handshake()
passthrough.c = toconn
outbuf.transport = tlsConn
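Review bot: the `// TODO err when tlsConn is nil?` should be resolved in this change rather than left open: `err = tlsConn.Handshake()` runs unconditionally, so a NewTLSConn implementation that returns nil panics on the nil *tls.Conn instead of surfacing a connection error. Add a guard between the if/else and the handshake, for example `if tlsConn == nil { return nil, errors.New("mssql: NewTLSConn returned nil") }` (adjusted to the enclosing function's actual return values, which are not in the visible lines). The long TODO about whether to pass config is answered by the owner's comment above (keep the tls.Client-shaped signature and pass &config), so that block and the TODO about an extra error return should be removed from the code and, where still useful, moved into the doc comment on the NewTLSConn field.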