
Commit 4574cfa

committed
Fix unserializable ClientHelloInfo
1 parent 7548446 commit 4574cfa


1 file changed

+40
-1
lines changed

1 file changed

+40
-1
lines changed

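--- a/handshake.go
+++ b/handshake.go
@@ -50,7 +50,7 @@ func (cfg *Config) GetCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certif
 }
 
 func (cfg *Config) GetCertificateWithContext(ctx context.Context, clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
-if err := cfg.emit(ctx, "tls_get_certificate", map[string]any{"client_hello": clientHello}); err != nil {
+if err := cfg.emit(ctx, "tls_get_certificate", map[string]any{"client_hello": clientHelloWithoutConn(clientHello)}); err != nil {
 cfg.Logger.Error("TLS handshake aborted by event handler",
 zap.String("server_name", clientHello.ServerName),
 zap.String("remote", clientHello.Conn.RemoteAddr().String()),
@@ -882,6 +882,45 @@ var (
 certLoadWaitChansMu sync.Mutex
 )
 
+type serializableClientHello struct {
+CipherSuites []uint16
+ServerName string
+SupportedCurves []tls.CurveID
+SupportedPoints []uint8
+SignatureSchemes []tls.SignatureScheme
+SupportedProtos []string
+SupportedVersions []uint16
+
+RemoteAddr, LocalAddr net.Addr // values copied from the Conn as they are still useful/needed
+conn net.Conn // unexported so it's not serialized
+}
+
+// clientHelloWithoutConn returns the data from the ClientHelloInfo without the
+// pesky exported Conn field, which often causes an error when serializing because
+// the underlying type may be unserializable.
+func clientHelloWithoutConn(hello *tls.ClientHelloInfo) serializableClientHello {
+if hello == nil {
+return serializableClientHello{}
+}
+var remote, local net.Addr
+if hello.Conn != nil {
+remote = hello.Conn.RemoteAddr()
+local = hello.Conn.LocalAddr()
+}
+return serializableClientHello{
+CipherSuites: hello.CipherSuites,
+ServerName: hello.ServerName,
+SupportedCurves: hello.SupportedCurves,
+SupportedPoints: hello.SupportedPoints,
+SignatureSchemes: hello.SignatureSchemes,
+SupportedProtos: hello.SupportedProtos,
+SupportedVersions: hello.SupportedVersions,
+RemoteAddr: remote,
+LocalAddr: local,
+conn: hello.Conn,
+}
+}
+
 type helloInfoCtxKey string
 
 // ClientHelloInfoCtxKey is the key by which the ClientHelloInfo can be extracted from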
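Review bot: The value published under `client_hello` changes from `*tls.ClientHelloInfo` to the unexported struct `serializableClientHello`, so a handler outside this package can no longer name the type in an assertion, and one that still asserts `*tls.ClientHelloInfo` will stop matching. The context lines show that a handler error aborts the handshake, so a handler that skips its check when the assertion fails would presumably fail open after this change. Exporting the type, or documenting the payload on it, would make the contract explicit, e.g. `// serializableClientHello is the "client_hello" payload of tls_get_certificate events; it replaces *tls.ClientHelloInfo.` The `conn` field is copied but nothing in the visible lines reads it, so it deserves either a comment naming its consumer or removal. The helper also tolerates a nil `hello` and a nil `Conn`, while the error path at lines 55–56 still calls `clientHello.Conn.RemoteAddr()` unguarded; GetCertificateWithContext continues outside the hunk, so a guard may exist there.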
