tlsHandshakeEOF wraps an error with context when it occurs right after a completed TLS handshake, which typically indicates the remote side rejected the client certificate (e.g. an mTLS proxy like nginx). Depending on timing, the error may be io.EOF (read from closed conn) or a "broken pipe"/"connec
(err error)
| 2702 | // Depending on timing, the error may be io.EOF (read from closed conn) |
| 2703 | // or a "broken pipe"/"connection reset" (write to closed conn). |
| 2704 | func (nc *Conn) tlsHandshakeEOF(err error) error { |
| 2705 | tlsConn, ok := nc.conn.(*tls.Conn) |
| 2706 | if !ok || !tlsConn.ConnectionState().HandshakeComplete { |
| 2707 | return err |
| 2708 | } |
| 2709 | if errors.Is(err, io.EOF) || isConnClosedError(err) { |
| 2710 | return fmt.Errorf("%w: connection closed by remote after TLS handshake: %w", ErrTLS, err) |
| 2711 | } |
| 2712 | return err |
| 2713 | } |
| 2714 | |
| 2715 | // isConnClosedError reports whether the error indicates the remote |
| 2716 | // side closed the connection (broken pipe or connection reset). |
no test coverage detected