Diffstat (limited to 'client/go')
-rw-r--r-- | client/go/internal/vespa/crypto.go | 13 | ||||
-rw-r--r-- | client/go/internal/vespa/target.go | 6 |
2 files changed, 18 insertions, 1 deletions
diff --git a/client/go/internal/vespa/crypto.go b/client/go/internal/vespa/crypto.go
index 9b4d776d97d..568d7a84d18 100644
--- a/client/go/internal/vespa/crypto.go
+++ b/client/go/internal/vespa/crypto.go
@@ -13,6 +13,7 @@ import (
 "encoding/base64"
 "encoding/hex"
 "encoding/pem"
+ "errors"
 "fmt"
 "io"
 "math/big"
@@ -220,3 +221,15 @@ func randomSerialNumber() (*big.Int, error) {
 serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
 return rand.Int(rand.Reader, serialNumberLimit)
 }
+
+// isTLSAlert returns whether err contains a TLS alert error.
+func isTLSAlert(err error) bool {
+ for ; err != nil; err = errors.Unwrap(err) {
+ // This is ugly, but alert types are currently not exposed:
+ // https://github.com/golang/go/issues/35234
+ if fmt.Sprintf("%T", err) == "tls.alert" {
+ return true
+ }
+ }
+ return false
+}
diff --git a/client/go/internal/vespa/target.go b/client/go/internal/vespa/target.go
index 90d1e1997da..ed3cb146eb1 100644
--- a/client/go/internal/vespa/target.go
+++ b/client/go/internal/vespa/target.go
@@ -153,7 +153,11 @@ func (s *Service) Do(request *http.Request, timeout time.Duration) (*http.Respon
 if err := s.CurlWriter.print(request, s.TLSOptions, timeout); err != nil {
 return nil, err
 }
- return s.httpClient.Do(request, timeout)
+ resp, err := s.httpClient.Do(request, timeout)
+ if isTLSAlert(err) {
+ return nil, fmt.Errorf("%w: %s", errAuth, err)
+ }
+ return resp, err
 }
 
 // SetClient sets a custom HTTP client that this service should use. |
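Review bot: The comparison `fmt.Sprintf("%T", err) == "tls.alert"` in isTLSAlert depends on an unexported crypto/tls identifier, so a toolchain change to that name would make the function return false with no compile or test failure, and the authentication hint added in target.go would silently disappear. `%T` prints only the package name, so any type called `alert` in a package named `tls` also matches, and `errors.Unwrap` does not descend into errors that expose `Unwrap() []error`. I would state both limits in the doc comment, e.g. `// Matches by printed type name only and follows single-error Unwrap chains.`, and add a test that feeds the function an error from a real failed handshake so the dependency is pinned across Go upgrades.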
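Review bot: Every TLS alert is mapped to errAuth in Do, but alerts also report conditions unrelated to the client's credentials (protocol or parameter mismatches, server-side internal errors), so a user may be told to fix their certificate when the fault is elsewhere. Since isTLSAlert cannot distinguish alert codes, the message should be worded as a likely cause rather than a diagnosis. Formatting the cause with `%s` also drops it from the error chain, so callers can no longer use errors.Is or errors.As on the transport error; if the module's Go version accepts two wrap verbs (1.20 or later), `return nil, fmt.Errorf("%w: %w", errAuth, err)` keeps both. errAuth is defined outside this hunk and Do begins above it, so the text shown to the user is not visible here.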