Don't mutate registered tls configs

dprotaso · Rebecca Chin · commit 71877284629f · 2017-05-29T15:14:26.000-04:00
Signed-off-by: Rebecca Chin &lt;rchin@pivotal.io&gt;
diff --git a/AUTHORS b/AUTHORS
@@ -18,6 +18,7 @@ Carlos Nieto <jose.carlos at menteslibres.net>
 Chris Moos <chris at tech9computers.com>
 Daniel Nichter <nil at codenode.com>
 Daniël van Eeden <git at myname.nl>
+Dave Protasowski <dprotaso at gmail.com>
 DisposaBoy <disposaboy at dby.me>
 Egor Smolyakov <egorsmkv at gmail.com>
 Frederick Mayle <frederickmayle at gmail.com>
@@ -46,6 +47,7 @@ Nicola Peduzzi <thenikso at gmail.com>
 Olivier Mengué <dolmen at cpan.org>
 Paul Bonser <misterpib at gmail.com>
 Peter Schultz <peter.schultz at classmarkets.com>
+Rebecca Chin <rchin at pivotal.io>
 Runrioter Wung <runrioter at gmail.com>
 Soroush Pour <me at soroushjp.com>
 Stan Putrya <root.vagner at gmail.com>
@@ -59,4 +61,5 @@ Zhenye Xie <xiezhenye at gmail.com>
 
 Barracuda Networks, Inc.
 Google Inc.
+Pivotal Inc.
 Stripe Inc.
diff --git a/dsn.go b/dsn.go
@@ -511,6 +511,8 @@ func parseDSNParams(cfg *Config, params string) (err error) {
 				}
 
 				if tlsConfig, ok := tlsConfigRegister[name]; ok {
+					tlsConfig = cloneTLSConfig(tlsConfig)
+
 					if len(tlsConfig.ServerName) == 0 && !tlsConfig.InsecureSkipVerify {
 						host, _, err := net.SplitHostPort(cfg.Addr)
 						if err == nil {
diff --git a/dsn_test.go b/dsn_test.go
@@ -159,6 +159,8 @@ func TestDSNWithCustomTLS(t *testing.T) {
 		t.Error(err.Error())
 	} else if cfg.tls.ServerName != name {
 		t.Errorf("did not get the correct ServerName (%s) parsing DSN (%s).", name, tst)
+	} else if tlsCfg.ServerName != "" {
+		t.Errorf("tlsCfg was mutated ServerName (%s) should be empty parsing DSN (%s).", name, tst)
 	}
 
 	DeregisterTLSConfig("utils_test")
diff --git a/utils.go b/utils.go
@@ -26,6 +26,8 @@ var (
 // RegisterTLSConfig registers a custom tls.Config to be used with sql.Open.
 // Use the key as a value in the DSN where tls=value.
 //
+// Note: The tls.Config provided to needs to be exclusively owned by the driver after registering.
+//
 //  rootCertPool := x509.NewCertPool()
 //  pem, err := ioutil.ReadFile("/path/ca-cert.pem")
 //  if err != nil {
diff --git a/utils_go18.go b/utils_go18.go
@@ -0,0 +1,9 @@
+// +build go1.8
+
+package mysql
+
+import "crypto/tls"
+
+func cloneTLSConfig(c *tls.Config) *tls.Config {
+	return c.Clone()
+}
diff --git a/utils_legacy.go b/utils_legacy.go
@@ -0,0 +1,10 @@
+// +build !go1.8
+
+package mysql
+
+import "crypto/tls"
+
+func cloneTLSConfig(c *tls.Config) *tls.Config {
+	clone := *c
+	return &clone
+}

Original file line number	Diff line number	Diff line change
`@@ -511,6 +511,8 @@ func parseDSNParams(cfg *Config, params string) (err error) {`
`511`	`511`	`}`
`512`	`512`
`513`	`513`	`if tlsConfig, ok := tlsConfigRegister[name]; ok {`
	`514`	`+ tlsConfig = cloneTLSConfig(tlsConfig)`
	`515`	`+`
`514`	`516`	`if len(tlsConfig.ServerName) == 0 && !tlsConfig.InsecureSkipVerify {`
`515`	`517`	`host, _, err := net.SplitHostPort(cfg.Addr)`
`516`	`518`	`if err == nil {`
Original file line number	Diff line number	Diff line change
`@@ -159,6 +159,8 @@ func TestDSNWithCustomTLS(t *testing.T) {`
`159`	`159`	`t.Error(err.Error())`
`160`	`160`	`} else if cfg.tls.ServerName != name {`
`161`	`161`	`t.Errorf("did not get the correct ServerName (%s) parsing DSN (%s).", name, tst)`
	`162`	`+ } else if tlsCfg.ServerName != "" {`
	`163`	`+ t.Errorf("tlsCfg was mutated ServerName (%s) should be empty parsing DSN (%s).", name, tst)`
`162`	`164`	`}`
`163`	`165`
`164`	`166`	`DeregisterTLSConfig("utils_test")`