From 49f359f1e07fb672dc090e461ca3f6bac04aa10a Mon Sep 17 00:00:00 2001 From: Damian Gryski Date: Wed, 21 Aug 2024 16:33:38 -0700 Subject: [PATCH] fsthttp: set UseSSL=true when setting other TLS options for backend config --- fsthttp/backend.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/fsthttp/backend.go b/fsthttp/backend.go index 8ffa0a5..187b296 100644 --- a/fsthttp/backend.go +++ b/fsthttp/backend.go @@ -245,42 +245,55 @@ func (b *BackendOptions) UseSSL(v bool) *BackendOptions { } // SSLMinVersion sets the minimum allowed TLS version on SSL connections to this backend. +// Setting this will enable SSL for the connection as a side effect. func (b *BackendOptions) SSLMinVersion(min TLSVersion) *BackendOptions { + b.abiOpts.UseSSL(true) b.abiOpts.SSLMinVersion(fastly.TLSVersion(min)) return b } // SSLMaxVersion sets the maximum allowed TLS version on SSL connections to this backend. +// Setting this will enable SSL for the connection as a side effect. func (b *BackendOptions) SSLMaxVersion(max TLSVersion) *BackendOptions { + b.abiOpts.UseSSL(true) b.abiOpts.SSLMaxVersion(fastly.TLSVersion(max)) return b } // CertHostname sets the hostname that the server certificate should declare. +// Setting this will enable SSL for the connection as a side effect. func (b *BackendOptions) CertHostname(host string) *BackendOptions { + b.abiOpts.UseSSL(true) b.abiOpts.CertHostname(host) return b } // CACert sets the CA certificate to use when checking the validity of the backend. +// Setting this will enable SSL for the connection as a side effect. func (b *BackendOptions) CACert(cert string) *BackendOptions { + b.abiOpts.UseSSL(true) b.abiOpts.CACert(cert) return b } // Ciphers sets the list of OpenSSL ciphers to support for connections to this origin. +// Setting this will enable SSL for the connection as a side effect. func (b *BackendOptions) Ciphers(ciphers string) *BackendOptions { + b.abiOpts.UseSSL(true) b.abiOpts.Ciphers(ciphers) return b } // SNIHostname sets the SNI hostname to use on connections to this backend. +// Setting this will enable SSL for the connection as a side effect. func (b *BackendOptions) SNIHostname(host string) *BackendOptions { + b.abiOpts.UseSSL(true) b.abiOpts.SNIHostname(host) return b } // ClientCertificate sets the client certificate to be provided to the server as part of the SSL handshake. +// Setting this will enable SSL for the connection as a side effect. func (b *BackendOptions) ClientCertificate(certificate string, key secretstore.Secret) *BackendOptions { b.abiOpts.UseSSL(true) b.abiOpts.ClientCert(certificate, key.Handle())