hub / github.com/grpc/grpc-go / ServerHandshake

Method ServerHandshake

credentials/tls.go:168–197  ·  view source on GitHub ↗
(rawConn net.Conn)

Source from the content-addressed store, hash-verified

166}
167
// ServerHandshake runs the server side of a TLS handshake over rawConn using
// c.config and, on success, returns the wrapped connection together with a
// TLSInfo describing the session.
//
// If the handshake fails, the TLS connection is closed and the handshake error
// is returned unchanged. If no application protocol was negotiated, the
// connection is rejected when envconfig.EnforceALPNEnabled is set; otherwise it
// is accepted and, at log verbosity 2, a deprecation notice is logged.
//
// Security notes:
//   - No deadline is set on rawConn in this method, so Handshake blocks for as
//     long as the underlying connection allows.
//     NOTE(review): presumably the caller bounds this with a connection
//     deadline; confirm at the call site.
//   - Peer authentication is whatever crypto/tls enforces for c.config; this
//     method adds no certificate or identity checks of its own. The SPIFFE ID
//     is only recorded on the returned TLSInfo, so any authorization based on
//     it has to happen in a later layer.
//   - The ALPN check only tests that some protocol was selected, not which
//     one. NOTE(review): the acceptable set presumably comes from
//     c.config.NextProtos; confirm where the config is built.
func (c *tlsCreds) ServerHandshake(rawConn net.Conn) (net.Conn, AuthInfo, error) {
	tlsConn := tls.Server(rawConn, c.config)
	err := tlsConn.Handshake()
	if err != nil {
		// Best-effort close: the handshake error is the one worth reporting.
		tlsConn.Close()
		return nil, nil, err
	}

	state := tlsConn.ConnectionState()
	// HTTP/2 over TLS requires ALPN. An empty negotiated protocol is treated
	// as "the client did not use ALPN" (assuming c.config advertises
	// protocols; TODO confirm), so the connection may be refused.
	if state.NegotiatedProtocol == "" {
		if envconfig.EnforceALPNEnabled {
			tlsConn.Close()
			return nil, nil, fmt.Errorf("credentials: cannot check peer: missing selected ALPN property. %s", alpnFailureHelpMessage)
		}
		// Enforcement is off: the non-ALPN client is let through, and the
		// only trace is this verbosity-gated log line.
		if logger.V(2) {
			logger.Info("Allowing TLS connection from client with ALPN disabled. TLS connections with ALPN disabled will be disallowed in future grpc-go releases")
		}
	}

	info := TLSInfo{State: state}
	info.CommonAuthInfo = CommonAuthInfo{SecurityLevel: PrivacyAndIntegrity}

	// Record the peer's SPIFFE ID when one can be derived from the connection
	// state; a nil result leaves the field at its zero value.
	if spiffeID := credinternal.SPIFFEIDFromState(tlsConn.ConnectionState()); spiffeID != nil {
		info.SPIFFEID = spiffeID
	}

	return credinternal.WrapSyscallConn(rawConn, tlsConn), info, nil
}
198
199func (c *tlsCreds) Clone() TransportCredentials {
200 return NewTLS(c.config)

Callers

nothing calls this directly

Calls 4

CloseMethod · 0.65
ErrorfMethod · 0.65
VMethod · 0.65
InfoMethod · 0.65

Tested by

no test coverage detected