This will check to see if the connection should be secure. This can be dictated from either end and should only be called after the INIT protocol has been received.
()
| 2843 | // secure. This can be dictated from either end and should |
| 2844 | // only be called after the INIT protocol has been received. |
| 2845 | func (nc *Conn) checkForSecure() error { |
| 2846 | // Check to see if we need to engage TLS |
| 2847 | o := nc.Opts |
| 2848 | |
| 2849 | // Check for mismatch in setups |
| 2850 | if o.Secure && !nc.info.TLSRequired && !nc.info.TLSAvailable { |
| 2851 | return ErrSecureConnWanted |
| 2852 | } else if nc.info.TLSRequired && !o.Secure { |
| 2853 | // Switch to Secure since server needs TLS. |
| 2854 | o.Secure = true |
| 2855 | } |
| 2856 | |
| 2857 | if o.Secure { |
| 2858 | // If TLS handshake first is true, we have already done |
| 2859 | // the handshake, so we are done here. |
| 2860 | if o.TLSHandshakeFirst { |
| 2861 | return nil |
| 2862 | } |
| 2863 | // Need to rewrap with bufio |
| 2864 | if err := nc.makeTLSConn(); err != nil { |
| 2865 | return err |
| 2866 | } |
| 2867 | } |
| 2868 | return nil |
| 2869 | } |
| 2870 | |
| 2871 | // processExpectedInfo will look for the expected first INFO message |
| 2872 | // sent when a connection is established. The lock should be held entering. |
no test coverage detected