refactor: set app version when enabling remote tls issue reporting
parent
0fd5ca3a24
commit
e9735c6110
|
@ -44,11 +44,11 @@ func (c *Config) GetRoundTripper(cm *pmapi.ClientManager, listener listener.List
|
|||
basicDialer := pmapi.NewBasicTLSDialer()
|
||||
|
||||
// We wrap the TLS dialer in a layer which enforces connections to trusted servers.
|
||||
pinningDialer := pmapi.NewPinningTLSDialer(basicDialer, c.GetAPIConfig().AppVersion)
|
||||
pinningDialer := pmapi.NewPinningTLSDialer(basicDialer)
|
||||
|
||||
// We want any pin mismatches to be communicated back to bridge GUI and reported.
|
||||
pinningDialer.SetTLSIssueNotifier(func() { listener.Emit(events.TLSCertIssue, "") })
|
||||
pinningDialer.SetRemoteTLSIssueReporting(true)
|
||||
pinningDialer.EnableRemoteTLSIssueReporting(c.GetAPIConfig().AppVersion)
|
||||
|
||||
// We wrap the pinning dialer in a layer which adds "alternative routing" feature.
|
||||
proxyDialer := pmapi.NewProxyTLSDialer(pinningDialer, cm)
|
||||
|
|
|
@ -33,12 +33,12 @@ type PinningTLSDialer struct {
|
|||
// pinChecker is used to check TLS keys of connections.
|
||||
pinChecker PinChecker
|
||||
|
||||
// appVersion is supplied if there is a TLS mismatch.
|
||||
appVersion string
|
||||
|
||||
// tlsIssueNotifier is used to notify something when there is a TLS issue.
|
||||
tlsIssueNotifier func()
|
||||
|
||||
// appVersion is needed to report TLS mismatches.
|
||||
appVersion string
|
||||
|
||||
// enableRemoteReporting instructs the dialer to report TLS mismatches.
|
||||
enableRemoteReporting bool
|
||||
|
||||
|
@ -49,11 +49,10 @@ type PinningTLSDialer struct {
|
|||
// NewPinningTLSDialer constructs a new dialer which only returns tcp connections to servers
|
||||
// which present known certificates.
|
||||
// If enabled, it reports any invalid certificates it finds.
|
||||
func NewPinningTLSDialer(dialer TLSDialer, appVersion string) *PinningTLSDialer {
|
||||
func NewPinningTLSDialer(dialer TLSDialer) *PinningTLSDialer {
|
||||
return &PinningTLSDialer{
|
||||
dialer: dialer,
|
||||
pinChecker: NewPinChecker(TrustedAPIPins),
|
||||
appVersion: appVersion,
|
||||
log: logrus.WithField("pkg", "pmapi/tls-pinning"),
|
||||
}
|
||||
}
|
||||
|
@ -62,8 +61,9 @@ func (p *PinningTLSDialer) SetTLSIssueNotifier(notifier func()) {
|
|||
p.tlsIssueNotifier = notifier
|
||||
}
|
||||
|
||||
func (p *PinningTLSDialer) SetRemoteTLSIssueReporting(enabled bool) {
|
||||
p.enableRemoteReporting = enabled
|
||||
func (p *PinningTLSDialer) EnableRemoteTLSIssueReporting(appVersion string) {
|
||||
p.enableRemoteReporting = true
|
||||
p.appVersion = appVersion
|
||||
}
|
||||
|
||||
// DialTLS dials the given network/address, returning an error if the certificates don't match the trusted pins.
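Review bot: `EnableRemoteTLSIssueReporting` is exported but has no doc comment, and it accepts an empty `appVersion` without complaint, although the field comment says the version is needed to report TLS mismatches. I would add `// EnableRemoteTLSIssueReporting turns on remote reporting of pin mismatches and records the app version sent with each report.` above it, and either reject or log an empty version there. The method also writes `enableRemoteReporting` and `appVersion` without a lock; if DialTLS (outside this hunk) reads them on other goroutines, the comment should say the method must be called before the dialer is handed to a transport. The constructor comment `If enabled, it reports any invalid certificates it finds.` could name this method, since the new constructor leaves reporting off until it is called.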
|
||||
|
|
|
@ -33,7 +33,7 @@ var testLiveConfig = &ClientConfig{
|
|||
func createAndSetPinningDialer(cm *ClientManager) (*int, *PinningTLSDialer) {
|
||||
called := 0
|
||||
|
||||
dialer := NewPinningTLSDialer(NewBasicTLSDialer(), testLiveConfig.AppVersion)
|
||||
dialer := NewPinningTLSDialer(NewBasicTLSDialer())
|
||||
dialer.SetTLSIssueNotifier(func() { called++ })
|
||||
cm.SetRoundTripper(CreateTransportWithDialer(dialer))
|
||||
|
||||
|
|
|
@ -144,7 +144,7 @@ func (p *proxyProvider) canReach(url string) bool {
|
|||
url = "https://" + url
|
||||
}
|
||||
|
||||
pinningDialer := NewPinningTLSDialer(NewBasicTLSDialer(), "")
|
||||
pinningDialer := NewPinningTLSDialer(NewBasicTLSDialer())
|
||||
|
||||
pinger := resty.New().
|
||||
SetHostURL(url).
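Review bot: The dialer in `canReach` is built with `NewPinningTLSDialer(NewBasicTLSDialer())` and, in the visible lines, gets neither a notifier nor remote reporting, so a pin mismatch seen while probing a proxy would presumably just count as unreachable. That looks intentional, but it is worth stating, e.g. `// Probe connections still enforce the trusted pins; mismatches are not notified or reported here.` above the constructor call. canReach continues past the end of this hunk, so confirm that nothing later sets a notifier and that DialTLS tolerates a nil `tlsIssueNotifier`.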
|
||||
|
|