From ba140bec3a6804b0cc073ca17999fee9a1b7f13c Mon Sep 17 00:00:00 2001
From: Rui Lopes
Date: Mon, 17 Aug 2020 19:07:20 +0100
Subject: [PATCH] Allow the customization of the TLS connection

---
 mssql.go |  6 ++++++
 tds.go   | 16 +++++++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/mssql.go b/mssql.go
index 25c268ed..bf941f75 100644
--- a/mssql.go
+++ b/mssql.go
@@ -2,6 +2,7 @@ package mssql
 
 import (
 	"context"
+	"crypto/tls"
 	"database/sql"
 	"database/sql/driver"
 	"encoding/binary"
@@ -126,6 +127,11 @@ type Connector struct {
 	// Dialer sets a custom dialer for all network operations.
 	// If Dialer is not set, normal net dialers are used.
 	Dialer Dialer
+
+	// Called to create a new and customized TLS connection.
+	// If NewTLSConn is not set, tls.Client is called to create the
+	// TLS connection.
+	NewTLSConn func(conn net.Conn, config *tls.Config) *tls.Conn
 }
 
 type Dialer interface {
diff --git a/tds.go b/tds.go
index 832c4fd2..09d28073 100644
--- a/tds.go
+++ b/tds.go
@@ -934,7 +934,21 @@ initiate_connection:
 	// setting up connection handler which will allow wrapping of TLS handshake packets inside TDS stream
 	handshakeConn := tlsHandshakeConn{buf: outbuf}
 	passthrough := passthroughConn{c: &handshakeConn}
-	tlsConn := tls.Client(&passthrough, &config)
+	var tlsConn *tls.Conn
+	if c.NewTLSConn != nil {
+		// TODO modify NewTLSConn to also return an err? and bail if err?
+		// TODO should NewTLSConn have a config argument? it will be
+		// passed initialized, which might be odd?
+		// the rationale being, if you set NewTLSConn, you should
+		// known what you are doing, and it should only be
+		// c.NewTLSConn(&passthrough)? But then again... how to
+		// access connectParams for getting, at least,
+		// p.hostInCertificate?
+		tlsConn = c.NewTLSConn(&passthrough, &config)
+	} else {
+		tlsConn = tls.Client(&passthrough, &config)
+	}
+	// TODO err when tlsConn is nil?
 	err = tlsConn.Handshake()
 	passthrough.c = toconn
 	outbuf.transport = tlsConn
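Review bot: The doc comment on the new NewTLSConn field does not state the contract the driver relies on: the hook must return a non-nil *tls.Conn (tds.go calls Handshake on the result without a nil check), and the config it receives is the one the driver has already populated from the connection parameters, so a hook that substitutes its own config takes over responsibility for certificate and hostname verification. Per Go convention the comment should also begin with the field name. Suggested replacement for the three comment lines: `// NewTLSConn, if set, wraps conn in a TLS client connection using config, which the driver has already populated from the connection parameters (including its verification settings); the returned *tls.Conn must be non-nil. If NewTLSConn is nil, tls.Client is used.` The enclosing Connector struct starts before this hunk.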
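Review bot: `tlsConn.Handshake()` is reached with whatever the caller-supplied NewTLSConn returned, so a nil return panics inside the driver instead of failing the connection; the `// TODO err when tlsConn is nil?` line should be resolved now rather than landed as a question. Replace that TODO with a guard such as `if tlsConn == nil { err = errors.New("mssql: NewTLSConn returned a nil connection") }` and route it through the same error path the function uses after the handshake (the function body and its error handling continue outside this hunk, so the exact return form is not visible here). The eight-line TODO block inside the `if c.NewTLSConn != nil` branch is design discussion about the hook's signature, which belongs in the pull request description, not in the committed source; the branch should carry at most a one-line why-comment such as `// Caller-supplied hook; config already carries the driver's verification settings.` if that is indeed what config holds at this point (the TODO's mention of p.hostInCertificate suggests so, but it is not visible in the hunk).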