Merge pull request #107 from thaJeztah/drop_legacy_go
tlsconfig: drop support for go1.17 and older
thaJeztah authored Nov 10, 2023
2 parents 3518605 + 9548f9f commit 481d3d2
Showing 17 changed files with 52 additions and 99 deletions.
21 changes: 13 additions & 8 deletions .github/workflows/test.yml
@@ -14,18 +14,18 @@ jobs:
strategy:
fail-fast: false
matrix:
go: ["1.13.x", "1.20.x", "1.21.x"]
go: ["1.18.x", "1.20.x", "1.21.x"]
platform: [ubuntu-20.04]
runs-on: ${{ matrix.platform }}
steps:
- name: Install Go ${{ matrix.go }}
uses: actions/setup-go@v2
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go }}
- name: Setup IPv6
run: sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=0 net.ipv6.conf.default.disable_ipv6=0 net.ipv6.conf.all.disable_ipv6=0
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v4
- name: Build for ${{ matrix.platform }}
run: go build ./...
- name: Test
@@ -37,16 +37,16 @@ jobs:
strategy:
fail-fast: false
matrix:
go: ["1.13.x", "1.20.x", "1.21.x"]
go: ["1.18.x", "1.20.x", "1.21.x"]
platform: [windows-latest, macos-latest]
runs-on: ${{ matrix.platform }}
steps:
- name: Install Go ${{ matrix.go }}
uses: actions/setup-go@v2
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go }}
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v4
- name: Build for ${{ matrix.platform }}
run: go build ./...
- name: Test
@@ -61,8 +61,13 @@ jobs:
platform: [ubuntu-20.04, windows-latest, macos-latest]
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v2
- uses: golangci/golangci-lint-action@v2
- uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version: "1.21.x"
cache: false
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
# must be specified without patch version
version: v1.55
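Review bot: The bumped actions are still referenced by mutable major-version tags (`actions/setup-go@v4`, `actions/checkout@v4`, `golangci/golangci-lint-action@v3`) in all three hunks, so whoever can move those tags decides what runs in this repository's CI. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, makes every future bump an explicit, reviewable change. The workflow's `permissions:` block, if it has one, is outside the visible hunks; if none is set, a top-level `permissions:` with `contents: read` would be worth adding alongside this update.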
4 changes: 3 additions & 1 deletion go.mod
@@ -1,5 +1,7 @@
module github.com/docker/go-connections

go 1.13
go 1.18

require github.com/Microsoft/go-winio v0.4.14

require golang.org/x/sys v0.1.0 // indirect
3 changes: 2 additions & 1 deletion go.sum
@@ -8,5 +8,6 @@ github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMB
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b h1:ag/x1USPSsqHud38I9BAC88qdNLDHHtQ4mlgQIZPPNA=
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
1 change: 0 additions & 1 deletion nat/nat_test.go
@@ -94,7 +94,6 @@ func TestParsePortRangeToInt(t *testing.T) {

func TestPort(t *testing.T) {
p, err := NewPort("tcp", "1234")

if err != nil {
t.Fatalf("tcp, 1234 had a parsing issue: %v", err)
}
6 changes: 4 additions & 2 deletions proxy/network_proxy_test.go
@@ -11,8 +11,10 @@ import (
"time"
)

var testBuf = []byte("Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo")
var testBufSize = len(testBuf)
var (
testBuf = []byte("Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo")
testBufSize = len(testBuf)
)

type EchoServer interface {
Run()
2 changes: 1 addition & 1 deletion proxy/tcp_proxy.go
@@ -46,7 +46,7 @@ func (proxy *TCPProxy) clientLoop(client *net.TCPConn, quit chan bool) {
}

event := make(chan int64)
var broker = func(to, from *net.TCPConn) {
broker := func(to, from *net.TCPConn) {
written, err := io.Copy(to, from)
if err != nil {
// If the socket we are writing to is shutdown with
2 changes: 1 addition & 1 deletion sockets/sockets_unix.go
@@ -1,4 +1,4 @@
// +build !windows
//go:build !windows

package sockets

8 changes: 4 additions & 4 deletions sockets/unix_socket.go
@@ -1,9 +1,9 @@
// +build !windows
//go:build !windows

/*
Package sockets is a simple unix domain socket wrapper.
Usage
# Usage
For example:
@@ -103,7 +103,7 @@ func NewUnixSocketWithOpts(path string, opts ...SockOption) (net.Listener, error
// We don't use "defer" here, to reset the umask to its original value as soon
// as possible. Ideally we'd be able to detect if WithChmod() was passed as
// an option, and skip changing umask if default permissions are used.
origUmask := syscall.Umask(0777)
origUmask := syscall.Umask(0o777)
l, err := net.Listen("unix", path)
syscall.Umask(origUmask)
if err != nil {
@@ -122,5 +122,5 @@ func NewUnixSocketWithOpts(path string, opts ...SockOption) (net.Listener, error

// NewUnixSocket creates a unix socket with the specified path and group.
func NewUnixSocket(path string, gid int) (net.Listener, error) {
return NewUnixSocketWithOpts(path, WithChown(0, gid), WithChmod(0660))
return NewUnixSocketWithOpts(path, WithChown(0, gid), WithChmod(0o660))
}
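Review bot: The comment above `origUmask := syscall.Umask(0o777)` explains why `defer` is not used, but not that the umask is process-wide: while it is 0o777, any file or socket created by another goroutine is created with no permission bits. That fails closed, but it can break unrelated code in surprising ways, so I would add a line such as `// NOTE: umask is per-process, not per-goroutine; files created concurrently during this window are affected.` In the second hunk, the doc comment on NewUnixSocket could also state that the socket is chowned to uid 0 and the given gid with mode 0o660, since that is what `WithChown(0, gid), WithChmod(0o660)` set. NewUnixSocketWithOpts starts and ends outside the visible hunks.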
4 changes: 2 additions & 2 deletions sockets/unix_socket_test.go
@@ -1,4 +1,4 @@
// +build !windows
//go:build !windows

package sockets

@@ -53,7 +53,7 @@ func TestNewUnixSocket(t *testing.T) {

func TestUnixSocketWithOpts(t *testing.T) {
uid, gid := os.Getuid(), os.Getgid()
perms := os.FileMode(0660)
perms := os.FileMode(0o660)
path := "/tmp/test.sock"
echoStr := "hello"
l, err := NewUnixSocketWithOpts(path, WithChown(uid, gid), WithChmod(perms))
2 changes: 0 additions & 2 deletions tlsconfig/certpool_go17.go → tlsconfig/certpool.go
@@ -1,5 +1,3 @@
// +build go1.7

package tlsconfig

import (
13 changes: 0 additions & 13 deletions tlsconfig/certpool_other.go

This file was deleted.

17 changes: 13 additions & 4 deletions tlsconfig/config.go
@@ -1,6 +1,7 @@
// Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers.
//
// As a reminder from https://golang.org/pkg/crypto/tls/#Config:
//
// A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified.
// A Config may be reused; the tls package will also not modify it.
package tlsconfig
@@ -11,7 +12,6 @@ import (
"encoding/pem"
"errors"
"fmt"
"io/ioutil"
"os"
)

@@ -103,7 +103,7 @@ func certPool(caFile string, exclusivePool bool) (*x509.CertPool, error) {
return nil, fmt.Errorf("failed to read system certificates: %v", err)
}
}
pemData, err := ioutil.ReadFile(caFile)
pemData, err := os.ReadFile(caFile)
if err != nil {
return nil, fmt.Errorf("could not read CA certificate %q: %v", caFile, err)
}
@@ -113,6 +113,15 @@ func certPool(caFile string, exclusivePool bool) (*x509.CertPool, error) {
return certPool, nil
}

// allTLSVersions lists all the TLS versions and is used by the code that validates
// a uint16 value as a TLS version.
var allTLSVersions = map[uint16]struct{}{
tls.VersionTLS10: {},
tls.VersionTLS11: {},
tls.VersionTLS12: {},
tls.VersionTLS13: {},
}

// isValidMinVersion checks that the input value is a valid tls minimum version
func isValidMinVersion(version uint16) bool {
_, ok := allTLSVersions[version]
@@ -176,12 +185,12 @@ func getCert(options Options) ([]tls.Certificate, error) {
return nil, nil
}

cert, err := ioutil.ReadFile(options.CertFile)
cert, err := os.ReadFile(options.CertFile)
if err != nil {
return nil, err
}

prKeyBytes, err := ioutil.ReadFile(options.KeyFile)
prKeyBytes, err := os.ReadFile(options.KeyFile)
if err != nil {
return nil, err
}
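Review bot: `allTLSVersions` includes `tls.VersionTLS10` and `tls.VersionTLS11`, so `isValidMinVersion` accepts a minimum version that RFC 8996 deprecates; the check only proves the value is a known TLS version. The doc comment on the map should say so, e.g. `// Membership means "known version", not "recommended minimum"; TLS 1.0 and 1.1 are deprecated (RFC 8996).` If callers are meant to be held to the package's "secure-enough" promise, rejecting or at least surfacing a MinVersion below `tls.VersionTLS12` belongs in whatever calls `isValidMinVersion`, which is outside the visible hunks.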
3 changes: 0 additions & 3 deletions tlsconfig/config_client_ciphers.go
@@ -1,7 +1,4 @@
// +build go1.5

// Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers.
//
package tlsconfig

import (
15 changes: 0 additions & 15 deletions tlsconfig/config_legacy_client_ciphers.go

This file was deleted.

19 changes: 9 additions & 10 deletions tlsconfig/config_test.go
@@ -5,7 +5,6 @@ import (
"crypto/tls"
"crypto/x509"
"encoding/pem"
"io/ioutil"
"os"
"reflect"
"runtime"
@@ -69,7 +68,7 @@ func TestConfigServerTLSFailsIfUnableToLoadCerts(t *testing.T) {
key, cert := getCertAndKey()
ca := getMultiCert()

tempFile, err := ioutil.TempFile("", "cert-test")
tempFile, err := os.CreateTemp("", "cert-test")
if err != nil {
t.Fatal("Unable to create temporary empty file")
}
@@ -127,7 +126,7 @@ func TestConfigServerTLSServerCertsOnly(t *testing.T) {
if !reflect.DeepEqual(tlsConfig.CipherSuites, DefaultServerAcceptedCiphers) {
t.Fatal("Unexpected server cipher suites")
}
if !tlsConfig.PreferServerCipherSuites {
if !tlsConfig.PreferServerCipherSuites { //nolint:staticcheck // Ignore SA1019: tlsConfig.PreferServerCipherSuites has been deprecated since Go 1.18: PreferServerCipherSuites is ignored.
t.Fatal("Expected server to prefer cipher suites")
}
if tlsConfig.MinVersion != tls.VersionTLS12 {
@@ -158,7 +157,7 @@ func TestConfigServerTLSClientCANotSetIfClientAuthTooLow(t *testing.T) {
if tlsConfig.ClientAuth != tls.RequestClientCert {
t.Fatal("ClientAuth was not set to what was in the options")
}
if tlsConfig.ClientCAs != nil {
if tlsConfig.ClientCAs != nil { //nolint:staticcheck // Ignore SA1019: tlsConfig.ClientCAs.Subjects has been deprecated since Go 1.18: if s was returned by SystemCertPool, Subjects will not include the system roots.
t.Fatalf("Client CAs should never have been set")
}
}
@@ -191,7 +190,7 @@ func TestConfigServerTLSClientCASet(t *testing.T) {
basePool = x509.NewCertPool()
}
// because we are not enabling `ExclusiveRootPools`, any root pool will also contain the system roots
if tlsConfig.ClientCAs == nil || len(tlsConfig.ClientCAs.Subjects()) != len(basePool.Subjects())+2 {
if tlsConfig.ClientCAs == nil || len(tlsConfig.ClientCAs.Subjects()) != len(basePool.Subjects())+2 { //nolint:staticcheck // Ignore SA1019: tlsConfig.ClientCAs.Subjects has been deprecated since Go 1.18: if s was returned by SystemCertPool, Subjects will not include the system roots.
t.Fatalf("Client CAs were never set correctly")
}
}
@@ -206,7 +205,7 @@ func TestConfigServerExclusiveRootPools(t *testing.T) {
key, cert := getCertAndKey()
ca := getMultiCert()

caBytes, err := ioutil.ReadFile(ca)
caBytes, err := os.ReadFile(ca)
if err != nil {
t.Fatal("Unable to read CA certs", err)
}
@@ -394,7 +393,7 @@ func TestConfigClientTLSNoVerify(t *testing.T) {
t.Fatal("Unable to configure client TLS", err)
}

if tlsConfig.RootCAs != nil {
if tlsConfig.RootCAs != nil { //nolint:staticcheck // Ignore SA1019: tlsConfig.RootCAs.Subjects has been deprecated since Go 1.18: if s was returned by SystemCertPool, Subjects will not include the system roots.
t.Fatal("Should not have set Root CAs", err)
}

@@ -449,7 +448,7 @@ func TestConfigClientTLSRootCAFileWithOneCert(t *testing.T) {
basePool = x509.NewCertPool()
}
// because we are not enabling `ExclusiveRootPools`, any root pool will also contain the system roots
if tlsConfig.RootCAs == nil || len(tlsConfig.RootCAs.Subjects()) != len(basePool.Subjects())+2 {
if tlsConfig.RootCAs == nil || len(tlsConfig.RootCAs.Subjects()) != len(basePool.Subjects())+2 { //nolint:staticcheck // Ignore SA1019: tlsConfig.ClientCAs.Subjects has been deprecated since Go 1.18: if s was returned by SystemCertPool, Subjects will not include the system roots.
t.Fatal("Root CAs not set properly", err)
}
if tlsConfig.Certificates != nil {
@@ -471,7 +470,7 @@ func TestConfigClientTLSNonexistentRootCAFile(t *testing.T) {
func TestConfigClientTLSClientCertOrKeyInvalid(t *testing.T) {
key, cert := getCertAndKey()

tempFile, err := ioutil.TempFile("", "cert-test")
tempFile, err := os.CreateTemp("", "cert-test")
if err != nil {
t.Fatal("Unable to create temporary empty file")
}
@@ -569,7 +568,7 @@ func TestConfigClientExclusiveRootPools(t *testing.T) {
}
ca := getMultiCert()

caBytes, err := ioutil.ReadFile(ca)
caBytes, err := os.ReadFile(ca)
if err != nil {
t.Fatal("Unable to read CA certs", err)
}
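Review bot: Two of the added `//nolint:staticcheck` directives sit on lines that never call the deprecated `Subjects()`: `if tlsConfig.ClientCAs != nil {` in the hunk headed TestConfigServerTLSClientCANotSetIfClientAuthTooLow and `if tlsConfig.RootCAs != nil {` in the hunk headed TestConfigClientTLSNoVerify. They suppress nothing today and would hide any future staticcheck finding on those lines, so they should be dropped. In the hunk headed TestConfigClientTLSRootCAFileWithOneCert the explanation names `tlsConfig.ClientCAs.Subjects` while the line calls `tlsConfig.RootCAs.Subjects()`; the text should name the field actually used. The enclosing test functions start and end outside the hunks.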
16 changes: 0 additions & 16 deletions tlsconfig/versions_go113.go

This file was deleted.

15 changes: 0 additions & 15 deletions tlsconfig/versions_other.go

This file was deleted.
