terraform/vendor/github.com/fsouza/go-dockerclient/tls.go

// Copyright 2014 go-dockerclient authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//
// The content is borrowed from Docker's own source code to provide a simple
// tls based dialer

package docker

import (
	"crypto/tls"
	"errors"
	"net"
	"strings"
	"time"
)

type tlsClientCon struct {
	*tls.Conn
	rawConn net.Conn
}

func (c *tlsClientCon) CloseWrite() error {
	// Go standard tls.Conn doesn't provide the CloseWrite() method so we do it
	// on its underlying connection.
	if cwc, ok := c.rawConn.(interface {
		CloseWrite() error
	}); ok {
		return cwc.CloseWrite()
	}
	return nil
}

func tlsDialWithDialer(dialer *net.Dialer, network, addr string, config *tls.Config) (net.Conn, error) {
	// We want the Timeout and Deadline values from dialer to cover the
	// whole process: TCP connection and TLS handshake. This means that we
	// also need to start our own timers now.
	timeout := dialer.Timeout

	if !dialer.Deadline.IsZero() {
		deadlineTimeout := dialer.Deadline.Sub(time.Now())
		if timeout == 0 || deadlineTimeout < timeout {
			timeout = deadlineTimeout
		}
	}

	var errChannel chan error

	if timeout != 0 {
		errChannel = make(chan error, 2)
		time.AfterFunc(timeout, func() {
			errChannel <- errors.New("")
		})
	}

	rawConn, err := dialer.Dial(network, addr)
	if err != nil {
		return nil, err
	}

	colonPos := strings.LastIndex(addr, ":")
	if colonPos == -1 {
		colonPos = len(addr)
	}
	hostname := addr[:colonPos]

	// If no ServerName is set, infer the ServerName
	// from the hostname we're connecting to.
	if config.ServerName == "" {
		// Make a copy to avoid polluting argument or default.
		config = copyTLSConfig(config)
		config.ServerName = hostname
	}

	conn := tls.Client(rawConn, config)

	if timeout == 0 {
		err = conn.Handshake()
	} else {
		go func() {
			errChannel <- conn.Handshake()
		}()

		err = <-errChannel
	}

	if err != nil {
		rawConn.Close()
		return nil, err
	}

	// This is Docker difference with standard's crypto/tls package: returned a
	// wrapper which holds both the TLS and raw connections.
	return &tlsClientCon{conn, rawConn}, nil
}

// this exists to silent an error message in go vet
func copyTLSConfig(cfg *tls.Config) *tls.Config {
	return &tls.Config{
		Certificates:             cfg.Certificates,
		CipherSuites:             cfg.CipherSuites,
		ClientAuth:               cfg.ClientAuth,
		ClientCAs:                cfg.ClientCAs,
		ClientSessionCache:       cfg.ClientSessionCache,
		CurvePreferences:         cfg.CurvePreferences,
		InsecureSkipVerify:       cfg.InsecureSkipVerify,
		MaxVersion:               cfg.MaxVersion,
		MinVersion:               cfg.MinVersion,
		NameToCertificate:        cfg.NameToCertificate,
		NextProtos:               cfg.NextProtos,
		PreferServerCipherSuites: cfg.PreferServerCipherSuites,
		Rand:                   cfg.Rand,
		RootCAs:                cfg.RootCAs,
		ServerName:             cfg.ServerName,
		SessionTicketKey:       cfg.SessionTicketKey,
		SessionTicketsDisabled: cfg.SessionTicketsDisabled,
	}
}
Vendor all dependencies w/ Godep * Remove `make updatedeps` from Travis build. We'll follow up with more specific plans around dependency updating in subsequent PRs. * Update all `make` targets to set `GO15VENDOREXPERIMENT=1` and to filter out `/vendor/` from `./...` where appropriate. * Temporarily remove `vet` from the `make test` target until we can figure out how to get it to not vet `vendor/`. (Initial experimentation failed to yield the proper incantation.) Everything is pinned to current master, with the exception of: * Azure/azure-sdk-for-go which is pinned before the breaking change today * aws/aws-sdk-go which is pinned to the most recent tag The documentation still needs to be updated, which we can do in a follow up PR. The goal here is to unblock release. 2016-01-29 20:53:56 +01:00			`// Copyright 2014 go-dockerclient authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`
			`//`
			`// The content is borrowed from Docker's own source code to provide a simple`
			`// tls based dialer`

			`package docker`

			`import (`
			`"crypto/tls"`
			`"errors"`
			`"net"`
			`"strings"`
			`"time"`
			`)`

			`type tlsClientCon struct {`
			`*tls.Conn`
			`rawConn net.Conn`
			`}`

			`func (c *tlsClientCon) CloseWrite() error {`
			`// Go standard tls.Conn doesn't provide the CloseWrite() method so we do it`
			`// on its underlying connection.`
			`if cwc, ok := c.rawConn.(interface {`
			`CloseWrite() error`
			`}); ok {`
			`return cwc.CloseWrite()`
			`}`
			`return nil`
			`}`

			`func tlsDialWithDialer(dialer net.Dialer, network, addr string, config tls.Config) (net.Conn, error) {`
			`// We want the Timeout and Deadline values from dialer to cover the`
			`// whole process: TCP connection and TLS handshake. This means that we`
			`// also need to start our own timers now.`
			`timeout := dialer.Timeout`

			`if !dialer.Deadline.IsZero() {`
			`deadlineTimeout := dialer.Deadline.Sub(time.Now())`
			`if timeout == 0 \|\| deadlineTimeout < timeout {`
			`timeout = deadlineTimeout`
			`}`
			`}`

			`var errChannel chan error`

			`if timeout != 0 {`
			`errChannel = make(chan error, 2)`
			`time.AfterFunc(timeout, func() {`
			`errChannel <- errors.New("")`
			`})`
			`}`

			`rawConn, err := dialer.Dial(network, addr)`
			`if err != nil {`
			`return nil, err`
			`}`

			`colonPos := strings.LastIndex(addr, ":")`
			`if colonPos == -1 {`
			`colonPos = len(addr)`
			`}`
			`hostname := addr[:colonPos]`

			`// If no ServerName is set, infer the ServerName`
			`// from the hostname we're connecting to.`
			`if config.ServerName == "" {`
			`// Make a copy to avoid polluting argument or default.`
vendor: Nomad 2016-10-24 08:15:30 +02:00			`config = copyTLSConfig(config)`
			`config.ServerName = hostname`
Vendor all dependencies w/ Godep * Remove `make updatedeps` from Travis build. We'll follow up with more specific plans around dependency updating in subsequent PRs. * Update all `make` targets to set `GO15VENDOREXPERIMENT=1` and to filter out `/vendor/` from `./...` where appropriate. * Temporarily remove `vet` from the `make test` target until we can figure out how to get it to not vet `vendor/`. (Initial experimentation failed to yield the proper incantation.) Everything is pinned to current master, with the exception of: * Azure/azure-sdk-for-go which is pinned before the breaking change today * aws/aws-sdk-go which is pinned to the most recent tag The documentation still needs to be updated, which we can do in a follow up PR. The goal here is to unblock release. 2016-01-29 20:53:56 +01:00			`}`

			`conn := tls.Client(rawConn, config)`

			`if timeout == 0 {`
			`err = conn.Handshake()`
			`} else {`
			`go func() {`
			`errChannel <- conn.Handshake()`
			`}()`

			`err = <-errChannel`
			`}`

			`if err != nil {`
			`rawConn.Close()`
			`return nil, err`
			`}`

			`// This is Docker difference with standard's crypto/tls package: returned a`
			`// wrapper which holds both the TLS and raw connections.`
			`return &tlsClientCon{conn, rawConn}, nil`
			`}`
vendor: Nomad 2016-10-24 08:15:30 +02:00
			`// this exists to silent an error message in go vet`
			`func copyTLSConfig(cfg tls.Config) tls.Config {`
			`return &tls.Config{`
			`Certificates: cfg.Certificates,`
			`CipherSuites: cfg.CipherSuites,`
			`ClientAuth: cfg.ClientAuth,`
			`ClientCAs: cfg.ClientCAs,`
			`ClientSessionCache: cfg.ClientSessionCache,`
			`CurvePreferences: cfg.CurvePreferences,`
			`InsecureSkipVerify: cfg.InsecureSkipVerify,`
			`MaxVersion: cfg.MaxVersion,`
			`MinVersion: cfg.MinVersion,`
			`NameToCertificate: cfg.NameToCertificate,`
			`NextProtos: cfg.NextProtos,`
			`PreferServerCipherSuites: cfg.PreferServerCipherSuites,`
			`Rand: cfg.Rand,`
			`RootCAs: cfg.RootCAs,`
			`ServerName: cfg.ServerName,`
			`SessionTicketKey: cfg.SessionTicketKey,`
			`SessionTicketsDisabled: cfg.SessionTicketsDisabled,`
			`}`
			`}`