From 1ef422c90060ba3e5828304b918e6586eaf81441 Mon Sep 17 00:00:00 2001 From: Gyuho Lee Date: Wed, 20 Feb 2019 16:07:26 -0800 Subject: [PATCH] clientconn: set authority with the latest dial target When user dials with "grpc.WithDialer", "grpc.DialContext" "cc.parsedTarget" update only happpens once. This is problematic, because when TLS is enabled, retries happen through "grpc.WithDialer" with static "cc.parsedTarget" from the initial dial call. If the server authenticates by IP addresses, we want to set a new endpoint as a new authority. Otherwise "transport: authentication handshake failed: x509: certificate is valid for 127.0.0.1, 192.168.154.254, not 192.168.208.149" Signed-off-by: Gyuho Lee --- vendor/google.golang.org/grpc/clientconn.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go index 9b035e8f563..e60db4415da 100644 --- a/vendor/google.golang.org/grpc/clientconn.go +++ b/vendor/google.golang.org/grpc/clientconn.go @@ -950,6 +950,17 @@ func (ac *addrConn) createTransport(connectRetryNum, ridx int, backoffDeadline, Metadata: addr.Metadata, Authority: ac.cc.authority, } + if target.Addr != target.Authority { + target.Authority = target.Addr + + // When user dials with "grpc.WithDialer", "grpc.DialContext" "cc.parsedTarget" + // update only happpens once. This is problematic, because when TLS is enabled, + // retries happen through "grpc.WithDialer" with static "cc.parsedTarget" from + // the initial dial call. + // If the server authenticates by IP addresses, we want to set a new endpoint as + // a new authority. Otherwise + // "transport: authentication handshake failed: x509: certificate is valid for 127.0.0.1, 192.168.154.254, not 192.168.208.149" + } done := make(chan struct{}) onPrefaceReceipt := func() { ac.mu.Lock()