Merge branch 'hotfix/atomic-cert' into 'release'

Hotfix/atomic cert See merge request !7

Merge branch 'hotfix/atomic-cert' into 'release'
2ed1fec7 · Jonah Husson · 527c45dd · 436c7ab7 · 2ed1fec7 · 2ed1fec7
Commit 2ed1fec7 authored Dec 21, 2022 by Jonah Husson
--- a/grpcweb/grpcweb.go
+++ b/grpcweb/grpcweb.go
@@ -182,8 +182,8 @@ func (c *ClientConn) applyCallOptions(opts []CallOption) *callOptions {
 	return &callOptions
 }
-func (c *ClientConn) GetReceivedCertificate() (*x509.Certificate, error) {
+func (c *ClientConn) GetRemoteCertificate() (*x509.Certificate, error) {
-	return c.transport.GetReceivedCertificate()
+	return c.transport.GetRemoteCertificate()
 }
 // copied from rpc_util.go#msgHeader

--- a/grpcweb/grpcweb_test.go
+++ b/grpcweb/grpcweb_test.go
@@ -28,7 +28,7 @@ type unaryTransport struct {
 	err        error
 }
-func (t *unaryTransport) GetReceivedCertificate() (*x509.Certificate, error) {
+func (t *unaryTransport) GetRemoteCertificate() (*x509.Certificate, error) {
 	panic("UNIMPLEMENTED")
 	return nil, nil
 }

--- a/grpcweb/transport/transport.go
+++ b/grpcweb/transport/transport.go
@@ -18,6 +18,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 )
@@ -25,7 +26,7 @@ import (
 type UnaryTransport interface {
 	Header() http.Header
 	Send(ctx context.Context, endpoint, contentType string, body io.Reader) (http.Header, []byte, error)
-	GetReceivedCertificate() (*x509.Certificate, error)
+	GetRemoteCertificate() (*x509.Certificate, error)
 	Close() error
 }
@@ -34,8 +35,7 @@ type httpTransport struct {
 	client             *http.Client
 	clientLock         *sync.RWMutex
 	opts               *ConnectOptions
-	receivedCertLock sync.RWMutex
+	receivedCertAtomic atomic.Value
-	receivedCert     *x509.Certificate
 	header http.Header
 }
@@ -102,34 +102,19 @@ func (t *httpTransport) Send(ctx context.Context, endpoint, contentType string,
 	if res.TLS != nil {
 		if res.TLS.PeerCertificates != nil && len(res.TLS.PeerCertificates) > 0 {
 			serverCert := res.TLS.PeerCertificates[0]
-			t.receivedCertLock.RLock()
+			t.receivedCertAtomic.Store(serverCert)
-			newCert := t.receivedCert == nil || !certsEqual(t.receivedCert, serverCert)
-			t.receivedCertLock.RUnlock()
-			if newCert {
-				t.receivedCertLock.Lock()
-				stillNewCert := t.receivedCert == nil || !certsEqual(t.receivedCert, serverCert)
-				if stillNewCert {
-					t.receivedCert = serverCert
-				}
-				t.receivedCertLock.Unlock()
-			}
 		}
 	}
 	return res.Header, respBody, nil
 }
-func (t *httpTransport) GetReceivedCertificate() (*x509.Certificate, error) {
+func (t *httpTransport) GetRemoteCertificate() (*x509.Certificate, error) {
-	t.receivedCertLock.RLock()
+	receivedCert := t.receivedCertAtomic.Load()
-	defer t.receivedCertLock.RUnlock()
+	if receivedCert == nil {
-	if t.receivedCert == nil {
 		return nil, errors.New("http transport has not yet received a tls certificate")
 	}
-	return t.receivedCert, nil
+	return receivedCert.(*x509.Certificate), nil
-}
-func certsEqual(c1, c2 *x509.Certificate) bool {
-	return c1.Issuer.String() == c2.Issuer.String() && c1.SerialNumber == c2.SerialNumber
 }
 // Close the httpTransport object