|
| 1 | +// Copyright 2023 Google LLC |
| 2 | +// |
| 3 | +// Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | +// you may not use this file except in compliance with the License. |
| 5 | +// You may obtain a copy of the License at |
| 6 | +// |
| 7 | +// https://www.apache.org/licenses/LICENSE-2.0 |
| 8 | +// |
| 9 | +// Unless required by applicable law or agreed to in writing, software |
| 10 | +// distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | +// See the License for the specific language governing permissions and |
| 13 | +// limitations under the License. |
| 14 | + |
| 15 | +//go:build go1.17 |
| 16 | +// +build go1.17 |
| 17 | + |
| 18 | +package cloudsqlconn |
| 19 | + |
| 20 | +import ( |
| 21 | + "context" |
| 22 | + "crypto/tls" |
| 23 | + "net" |
| 24 | + |
| 25 | + "cloud.google.com/go/cloudsqlconn/errtype" |
| 26 | + "cloud.google.com/go/cloudsqlconn/internal/cloudsql" |
| 27 | +) |
| 28 | + |
| 29 | +// connectTLS returns a new TLS client side connection |
| 30 | +// using conn as the underlying transport. |
| 31 | +// |
| 32 | +// The returned connection has already completed its TLS handshake. |
| 33 | +func connectTLS(ctx context.Context, conn net.Conn, c *tls.Config, i *cloudsql.Instance) (net.Conn, error) { |
| 34 | + tlsConn := tls.Client(conn, c) |
| 35 | + // HandshakeContext was introduced in Go 1.17, hence |
| 36 | + // this file is conditionally compiled on only Go versions >= 1.17. |
| 37 | + if err := tlsConn.HandshakeContext(ctx); err != nil { |
| 38 | + // refresh the instance info in case it caused the handshake failure |
| 39 | + i.ForceRefresh() |
| 40 | + _ = tlsConn.Close() // best effort close attempt |
| 41 | + return nil, errtype.NewDialError("handshake failed", i.String(), err) |
| 42 | + } |
| 43 | + return tlsConn, nil |
| 44 | +} |
0 commit comments