This is an automated email from the ASF dual-hosted git repository.

alexstocks pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/dubbo-go.git


The following commit(s) were added to refs/heads/develop by this push:
     new 30d26477b support new triple tls (#2852)
30d26477b is described below

commit 30d26477bd60489a79de038f3aa169d7a71c86ba
Author: marsevilspirit <[email protected]>
AuthorDate: Tue Apr 29 13:00:34 2025 +0800

    support new triple tls (#2852)
---
 protocol/triple/client.go                 | 25 +++++++++++++++++++++++++
 protocol/triple/server.go                 | 25 ++++++++++++++++++++++++-
 protocol/triple/triple_protocol/server.go | 16 ++++++++++++----
 3 files changed, 61 insertions(+), 5 deletions(-)

diff --git a/protocol/triple/client.go b/protocol/triple/client.go
index 05cc1d9f9..1cc34d44f 100644
--- a/protocol/triple/client.go
+++ b/protocol/triple/client.go
@@ -27,6 +27,8 @@ import (
 )
 
 import (
+       "github.com/dubbogo/gost/log/logger"
+
        "github.com/dustin/go-humanize"
 
        "golang.org/x/net/http2"
@@ -35,6 +37,7 @@ import (
 import (
        "dubbo.apache.org/dubbo-go/v3/common"
        "dubbo.apache.org/dubbo-go/v3/common/constant"
+       "dubbo.apache.org/dubbo-go/v3/config"
        tri "dubbo.apache.org/dubbo-go/v3/protocol/triple/triple_protocol"
 )
 
@@ -179,6 +182,28 @@ func newClientManager(url *common.URL) (*clientManager, 
error) {
        // todo(DMwangnima): support TLS in an ideal way
        var cfg *tls.Config
        var tlsFlag bool
+       var err error
+
+       // handle tls config
+       // TODO: think about a more elegant way to configure tls,
+       // Maybe we can try to create a ClientOptions for unified settings,
+       // after this function becomes bloated.
+
+       // TODO: Once the global replacement of the config is completed,
+       // replace config with global.
+       if tlsConfig := config.GetRootConfig().TLSConfig; tlsConfig != nil {
+               cfg, err = config.GetClientTlsConfig(&config.TLSConfig{
+                       CACertFile:    tlsConfig.CACertFile,
+                       TLSCertFile:   tlsConfig.TLSCertFile,
+                       TLSKeyFile:    tlsConfig.TLSKeyFile,
+                       TLSServerName: tlsConfig.TLSServerName,
+               })
+               if err != nil {
+                       return nil, err
+               }
+               logger.Infof("TRIPLE clientManager initialized the TLSConfig 
configuration")
+               tlsFlag = true
+       }
 
        var transport http.RoundTripper
        callType := url.GetParam(constant.CallHTTPTypeKey, constant.CallHTTP2)
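Review bot: `tlsFlag = true` is set whenever `config.GetClientTlsConfig` returns no error, without checking that `cfg` is non-nil. If that helper can return a nil config together with a nil error (its body is not visible here, so this needs confirming), the client is marked as TLS while carrying none of the CA or server-name settings from the root config, and the "initialized" log line still fires. Guarding with `if cfg != nil { tlsFlag = true }` makes the intent explicit. If `tlsConfig` is already a `*config.TLSConfig`, passing it directly instead of copying four fields would avoid silently dropping any field added to that struct later. newClientManager's body starts and ends outside the hunk.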
diff --git a/protocol/triple/server.go b/protocol/triple/server.go
index 6c19585bd..2e5bcd7ec 100644
--- a/protocol/triple/server.go
+++ b/protocol/triple/server.go
@@ -19,6 +19,7 @@ package triple
 
 import (
        "context"
+       "crypto/tls"
        "fmt"
        "net/http"
        "reflect"
@@ -83,7 +84,29 @@ func (s *Server) Start(invoker protocol.Invoker, info 
*common.ServiceInfo) {
        }
        // todo: support opentracing interceptor
 
-       // todo(DMwangnima): think about a more elegant way to configure tls
+       var cfg *tls.Config
+       var err error
+       // handle tls config
+       // TODO: think about a more elegant way to configure tls,
+       // Maybe we can try to create a ServerOptions for unified settings,
+       // after this function becomes bloated.
+
+       // TODO: Once the global replacement of the config is completed,
+       // replace config with global.
+       tlsConfig := config.GetRootConfig().TLSConfig
+       if tlsConfig != nil {
+               cfg, err = config.GetServerTlsConfig(&config.TLSConfig{
+                       CACertFile:    tlsConfig.CACertFile,
+                       TLSCertFile:   tlsConfig.TLSCertFile,
+                       TLSKeyFile:    tlsConfig.TLSKeyFile,
+                       TLSServerName: tlsConfig.TLSServerName,
+               })
+               if err != nil {
+                       return
+               }
+               s.triServer.SetTLSConfig(cfg)
+               logger.Infof("TRIPLE Server initialized the TLSConfig 
configuration")
+       }
 
        // todo:// move tls config to handleService
 
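Review bot: The `if err != nil { return }` after `config.GetServerTlsConfig` drops the error: Start has no return value, so a bad certificate or key path leaves the service unstarted with nothing in the log. Log it before returning, e.g. `logger.Errorf("TRIPLE Server failed to load TLS config: %v", err)`. It is also worth checking `cfg != nil` before `s.triServer.SetTLSConfig(cfg)` and the Infof line, because Run in triple_protocol/server.go serves cleartext when the config is nil, and the log would still report TLS as initialized; whether the helper can return nil without an error is not visible here. Start's body continues outside the hunk.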
diff --git a/protocol/triple/triple_protocol/server.go 
b/protocol/triple/triple_protocol/server.go
index 087aca49f..4dc54e5ab 100644
--- a/protocol/triple/triple_protocol/server.go
+++ b/protocol/triple/triple_protocol/server.go
@@ -19,6 +19,7 @@ package triple_protocol
 
 import (
        "context"
+       "crypto/tls"
        "net/http"
        "sync"
 )
@@ -171,13 +172,20 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r 
*http.Request) {
 }
 
 func (s *Server) Run() error {
-       // todo(DMwangnima): deal with TLS
        s.httpSrv.Handler = h2c.NewHandler(s, &http2.Server{})
 
-       if err := s.httpSrv.ListenAndServe(); err != nil {
-               return err
+       var err error
+       if s.httpSrv.TLSConfig != nil {
+               // TODO: Maybe we should be able to find a better way to start 
TLS.
+               err = s.httpSrv.ListenAndServeTLS("", "")
+       } else {
+               err = s.httpSrv.ListenAndServe()
        }
-       return nil
+       return err
+}
+
+func (s *Server) SetTLSConfig(c *tls.Config) {
+       s.httpSrv.TLSConfig = c
 }
 
 func (s *Server) Stop() error {
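Review bot: `SetTLSConfig` is exported without a doc comment, and its contract is not obvious from the signature: Run reads `s.httpSrv.TLSConfig` once to choose between `ListenAndServeTLS("", "")` and `ListenAndServe()`, so the setter has to be called before Run and a nil config means cleartext. Suggested comment: `// SetTLSConfig sets the TLS configuration used by Run. Call it before Run; with a nil config the server listens without TLS.` The empty certificate and key arguments to `ListenAndServeTLS` also mean the certificate must already be present in the config (Certificates or a GetCertificate callback), which deserves a one-line comment in place of the TODO. Stop's body lies outside the hunk.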
