author | Grzegorz Bizon <grzegorz@gitlab.com> | 2020-07-03 09:36:41 +0300 |
---|---|---|
committer | Grzegorz Bizon <grzegorz@gitlab.com> | 2020-07-03 09:36:41 +0300 |
commit | 6809da705f3a93de6c221909991ce6d1eaf6d4dc (patch) | |
tree | 194d6df78163d1854c0ceb83e8b8b4a00c328e5a | |
parent | 8106cafb5aa5191601af99813ab7fda3bd0f1ba8 (diff) | |
parent | c4e8acc6d6e331a51216b4590f7a7ca6ec795a61 (diff) |
Merge branch '416-bump-go-1-13' into 'master'
Drop Go 1.12 and bump minimum Go 1.13
Closes #416
See merge request gitlab-org/gitlab-pages!301
-rw-r--r-- | .gitlab-ci.yml | 6 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | go.mod | 2 | ||||
-rw-r--r-- | internal/tlsconfig/tlsconfig.go | 11 | ||||
-rw-r--r-- | internal/tlsconfig/tlsconfig_go1_12.go | 17 | ||||
-rw-r--r-- | internal/tlsconfig/tlsconfig_go1_12_test.go | 41 |
6 files changed, 7 insertions, 72 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 99875ecc..0e121cb2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -20,7 +20,7 @@ workflow: - if: '$CI_COMMIT_BRANCH =~ /^security\//' default: - image: golang:1.12 + image: golang:1.13 tags: - gitlab-org @@ -122,10 +122,6 @@ code_quality: paths: - ${REPORT_FILE} -test:1.12: - extends: .tests - image: golang:1.12 - test:1.13: extends: .tests image: golang:1.13 @@ -4,7 +4,7 @@ [![coverage report](https://gitlab.com/gitlab-org/gitlab-pages/badges/master/coverage.svg)](https://gitlab.com/gitlab-org/gitlab-pages/commits/master) This is a simple HTTP server written in Go, made to serve GitLab Pages with -CNAMEs and SNI using HTTP/HTTP2. The minimum supported Go version is v1.12. +CNAMEs and SNI using HTTP/HTTP2. The minimum supported Go version is v1.13. This is made to work in small to medium-scale environments. Start-up time scales with the number of projects being served, so the daemon is currently unsuitable @@ -1,6 +1,6 @@ module gitlab.com/gitlab-org/gitlab-pages -go 1.12 +go 1.13 require ( github.com/dgrijalva/jwt-go v3.2.0+incompatible diff --git a/internal/tlsconfig/tlsconfig.go b/internal/tlsconfig/tlsconfig.go index 1c9db71e..5d26ed52 100644 --- a/internal/tlsconfig/tlsconfig.go +++ b/internal/tlsconfig/tlsconfig.go @@ -3,7 +3,6 @@ package tlsconfig import ( "crypto/tls" "fmt" - "os" "sort" "strings" ) @@ -19,6 +18,9 @@ var ( tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + tls.TLS_AES_128_GCM_SHA256, + tls.TLS_AES_256_GCM_SHA384, + tls.TLS_CHACHA20_POLY1305_SHA256, } // AllTLSVersions has all supported flag values @@ -28,6 +30,7 @@ var ( "tls1.0": tls.VersionTLS10, "tls1.1": tls.VersionTLS11, "tls1.2": tls.VersionTLS12, + "tls1.3": tls.VersionTLS13, } ) 
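Review bot: The three TLS 1.3 suite IDs added to `preferredCipherSuites` in the `@@ -19,6 +18,9 @@` hunk of internal/tlsconfig/tlsconfig.go will not restrict or reorder anything if this slice is what ends up in `tls.Config.CipherSuites`, because crypto/tls does not make TLS 1.3 suites configurable and applies that field only to TLS 1.0–1.2. How the slice is consumed lies outside the hunk, so that part is inferred. A comment above the new entries would stop an operator from reading the list as a TLS 1.3 policy, for example `// TLS 1.3 suites are listed for completeness only; crypto/tls selects them itself and ignores this list for TLS 1.3.` The next hunk registers `"tls1.3"` unconditionally while `"tls1.0"` and `"tls1.1"` remain accepted values, so the map comment could also state that the configured minimum version, not the suite list, is what keeps legacy protocols off.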
@@ -79,12 +82,6 @@ func ValidateTLSVersions(min, max string) error { return fmt.Errorf("Invalid maximum TLS version: %s; Should be at least %s", max, min) } - // At this point values are validated so if we have tls1.3 - // accepted we are on Go 1.12+ so let's enable it too. - if min == "tls1.3" || max == "tls1.3" { - os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1") - } - return nil } diff --git a/internal/tlsconfig/tlsconfig_go1_12.go b/internal/tlsconfig/tlsconfig_go1_12.go deleted file mode 100644 index f92bdf09..00000000 --- a/internal/tlsconfig/tlsconfig_go1_12.go +++ /dev/null @@ -1,17 +0,0 @@ -// +build go1.12 - -package tlsconfig - -import ( - "crypto/tls" -) - -func init() { - AllTLSVersions["tls1.3"] = tls.VersionTLS13 - - preferredCipherSuites = append(preferredCipherSuites, - tls.TLS_AES_128_GCM_SHA256, - tls.TLS_AES_256_GCM_SHA384, - tls.TLS_CHACHA20_POLY1305_SHA256, - ) -} diff --git a/internal/tlsconfig/tlsconfig_go1_12_test.go b/internal/tlsconfig/tlsconfig_go1_12_test.go deleted file mode 100644 index 09d18284..00000000 --- a/internal/tlsconfig/tlsconfig_go1_12_test.go +++ /dev/null 
@@ -1,41 +0,0 @@
-// +build go1.12
-
-package tlsconfig
-
-import (
- "os"
- "testing"
-
- "github.com/stretchr/testify/require"
-)
-
-func TestEnableTLS13(t *testing.T) {
- tests := map[string]struct {
- tlsMin string
- tlsMax string
- enableTLS13 bool
- }{
- "ask for minimum TLS 1.3": {tlsMin: "tls1.3", tlsMax: "", enableTLS13: true},
- "ask for maximim TLS 1.3": {tlsMin: "", tlsMax: "tls1.3", enableTLS13: true},
- "do not ask for TLS 1.3": {tlsMin: "tls1.2", tlsMax: "tls1.2", enableTLS13: false},
- }
-
- // Store original GODEBUG value
- godebug := os.Getenv("GODEBUG")
-
- for name, tc := range tests {
- t.Run(name, func(t *testing.T) {
- err := ValidateTLSVersions(tc.tlsMin, tc.tlsMax)
- require.NoError(t, err)
-
- if tc.enableTLS13 {
- require.Regexp(t, "tls13=1", os.Getenv("GODEBUG"))
- } else {
- require.NotRegexp(t, "tls13=1", godebug)
- }
- })
-
- // Restore original GODEBUG value
- os.Setenv("GODEBUG", godebug)
- }
-} |