WIP: feat(tsconnect/wasm): add upgradeTLS to wrapped conns #14
Reference in New Issue
Block a user
Delete Branch "feat/conn-upgrade-tls"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Adds an
upgradeTLSmethod to the conn objects returned bydial/accept, wrapping the existingnet.Connwithcrypto/tlsin place — the explicit upgrade needed for STARTTLS (SMTP) and AUTH TLS (FTPS).tlsClientConfigFromJSfactored out ofdialTLS(behavior unchanged); when no default server name is available (the upgrade case) it requiresserverNameunlessinsecureSkipVerifyis set.upgradeTLS(opts)on wrapped conns: client mode uses the same options asdialTLS(serverName,insecureSkipVerify,caCerts); server mode viaisServer: truewithcertPem/keyPem(same parsing aslistenTLS).net.Conn; the old handle must not be used afterward. On handshake failure the conn is closed.Consumed by the corresponding
@webnet/transport/@webnet/tsconnectPR on the webnet repo, which provides the in-placeRawTransport.upgradeTlssemantics one layer up.Reviewed alongside webnet/webnet#63 (the consumer of upgradeTLS). The Go side here looks correct in isolation, but flagging for context: the new
wrapConn(tlsConn)returned byupgradeTLS(around line 1484 in cmd/tsconnect/wasm/wasm_js.go) leaves the old wrapConn's read/write closures alive, still bound to the plainnet.Connthattls.Client/tls.Servernow uses internally. That's fine as long as the JS caller strictly stops using the old handle the instant it calls upgradeTLS — but webnet/webnet#63'sipn.ts Conn.upgradeTlsdoesn't actually enforce that (it doesn't mark itself in-flight during the handshake), so a concurrent read()/write() from the JS side can still reach the old handle and race the handshake on the same fd. Posted the detailed finding and suggested fix on webnet#63; no action needed here unless you want to harden this side too (e.g. by having the old wrapConn's closures start erroring once superseded).View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.