Fix unserializable ClientHelloInfo

2023-11-14 13:15:20 -07:00 · 2023-11-14 13:15:20 -07:00 · 4574cfafa8
commit 4574cfafa8
parent 754844673f
1 changed files with 40 additions and 1 deletions
--- a/handshake.go
+++ b/handshake.go
@ -50,7 +50,7 @@ func (cfg *Config) GetCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certif
 }

 func (cfg *Config) GetCertificateWithContext(ctx context.Context, clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
-	if err := cfg.emit(ctx, "tls_get_certificate", map[string]any{"client_hello": clientHello}); err != nil {
+	if err := cfg.emit(ctx, "tls_get_certificate", map[string]any{"client_hello": clientHelloWithoutConn(clientHello)}); err != nil {
 		cfg.Logger.Error("TLS handshake aborted by event handler",
 			zap.String("server_name", clientHello.ServerName),
 			zap.String("remote", clientHello.Conn.RemoteAddr().String()),
@ -882,6 +882,45 @@ var (
 	certLoadWaitChansMu sync.Mutex
 )

+type serializableClientHello struct {
+	CipherSuites      []uint16
+	ServerName        string
+	SupportedCurves   []tls.CurveID
+	SupportedPoints   []uint8
+	SignatureSchemes  []tls.SignatureScheme
+	SupportedProtos   []string
+	SupportedVersions []uint16
+
+	RemoteAddr, LocalAddr net.Addr // values copied from the Conn as they are still useful/needed
+	conn                  net.Conn // unexported so it's not serialized
+}
+
+// clientHelloWithoutConn returns the data from the ClientHelloInfo without the
+// pesky exported Conn field, which often causes an error when serializing because
+// the underlying type may be unserializable.
+func clientHelloWithoutConn(hello *tls.ClientHelloInfo) serializableClientHello {
+	if hello == nil {
+		return serializableClientHello{}
+	}
+	var remote, local net.Addr
+	if hello.Conn != nil {
+		remote = hello.Conn.RemoteAddr()
+		local = hello.Conn.LocalAddr()
+	}
+	return serializableClientHello{
+		CipherSuites:      hello.CipherSuites,
+		ServerName:        hello.ServerName,
+		SupportedCurves:   hello.SupportedCurves,
+		SupportedPoints:   hello.SupportedPoints,
+		SignatureSchemes:  hello.SignatureSchemes,
+		SupportedProtos:   hello.SupportedProtos,
+		SupportedVersions: hello.SupportedVersions,
+		RemoteAddr:        remote,
+		LocalAddr:         local,
+		conn:              hello.Conn,
+	}
+}
+
 type helloInfoCtxKey string

 // ClientHelloInfoCtxKey is the key by which the ClientHelloInfo can be extracted from