feat: hidden http/1.1 mode (#2080)

TBD54566975 · Jul 16, 2024 · e0331b2 · e0331b2
1 parent 2938311
commit e0331b2
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/internal/rpc/rpc.go b/internal/rpc/rpc.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"net"
 	"net/http"
+	"os"
 	"strings"
 	"time"
 
@@ -52,6 +53,23 @@ func InitialiseClients(authenticators map[string]string, allowInsecure bool) {
 			},
 		}, authenticators),
 	}
+
+	// Use a separate client for HTTP/1.1 with TLS.
+	http1TLSClient = &http.Client{
+		Transport: authn.Transport(&http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: allowInsecure, // #nosec G402
+			},
+			DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+				logger := log.FromContext(ctx)
+				logger.Debugf("HTTP/1.1 connecting to %s %s", network, addr)
+
+				tlsDialer := tls.Dialer{NetDialer: dialer}
+				conn, err := tlsDialer.DialContext(ctx, network, addr)
+				return conn, fmt.Errorf("HTTP/1.1 TLS dial failed: %w", err)
+			},
+		}, authenticators),
+	}
 }
 
 func init() {
@@ -64,6 +82,8 @@ var (
 	}
 	h2cClient *http.Client
 	tlsClient *http.Client
+	// Temporary client for HTTP/1.1 with TLS to help with debugging.
+	http1TLSClient *http.Client
 )
 
 type Pingable interface {
@@ -75,6 +95,12 @@ func GetHTTPClient(url string) *http.Client {
 	if h2cClient == nil {
 		panic("rpc.InitialiseClients() must be called before GetHTTPClient()")
 	}
+
+	// TEMP_GRPC_HTTP1_ONLY set to non blank will use http1TLSClient
+	if os.Getenv("TEMP_GRPC_HTTP1_ONLY") != "" {
+		return http1TLSClient
+	}
+
 	if strings.HasPrefix(url, "http://") {
 		return h2cClient
 	}