mirror of
https://github.com/DNSCrypt/dnscrypt-proxy.git
synced 2024-12-29 00:30:30 +01:00
33 lines
1.1 KiB
Go
33 lines
1.1 KiB
Go
// Copyright 2024 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package http2
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"errors"
|
|
"net"
|
|
)
|
|
|
|
const nextProtoUnencryptedHTTP2 = "unencrypted_http2"
|
|
|
|
// unencryptedNetConnFromTLSConn retrieves a net.Conn wrapped in a *tls.Conn.
|
|
//
|
|
// TLSNextProto functions accept a *tls.Conn.
|
|
//
|
|
// When passing an unencrypted HTTP/2 connection to a TLSNextProto function,
|
|
// we pass a *tls.Conn with an underlying net.Conn containing the unencrypted connection.
|
|
// To be extra careful about mistakes (accidentally dropping TLS encryption in a place
|
|
// where we want it), the tls.Conn contains a net.Conn with an UnencryptedNetConn method
|
|
// that returns the actual connection we want to use.
|
|
func unencryptedNetConnFromTLSConn(tc *tls.Conn) (net.Conn, error) {
|
|
conner, ok := tc.NetConn().(interface {
|
|
UnencryptedNetConn() net.Conn
|
|
})
|
|
if !ok {
|
|
return nil, errors.New("http2: TLS conn unexpectedly found in unencrypted handoff")
|
|
}
|
|
return conner.UnencryptedNetConn(), nil
|
|
}
|