diff --git a/client/grpc/grpc.go b/client/grpc/grpc.go index 7c5a0084..519b4450 100644 --- a/client/grpc/grpc.go +++ b/client/grpc/grpc.go @@ -5,7 +5,9 @@ import ( "context" "crypto/tls" "fmt" + "net" "os" + "strings" "sync/atomic" "time" @@ -36,14 +38,36 @@ func init() { } // secure returns the dial option for whether its a secure or insecure connection -func (g *grpcClient) secure() grpc.DialOption { +func (g *grpcClient) secure(addr string) grpc.DialOption { + // first we check if theres'a tls config if g.opts.Context != nil { if v := g.opts.Context.Value(tlsAuth{}); v != nil { tls := v.(*tls.Config) creds := credentials.NewTLS(tls) + // return tls config if it exists return grpc.WithTransportCredentials(creds) } } + + // default config + tlsConfig := &tls.Config{} + defaultCreds := grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)) + + // check if the address is prepended with https + if strings.HasPrefix(addr, "https://") { + return defaultCreds + } + + // if no port is specified or port is 443 default to tls + _, port, err := net.SplitHostPort(addr) + // assuming with no port its going to be secured + if port == "443" { + return defaultCreds + } else if err != nil && strings.Contains(err.Error(), "missing port in address") { + return defaultCreds + } + + // other fallback to insecure return grpc.WithInsecure() } @@ -116,7 +140,7 @@ func (g *grpcClient) call(ctx context.Context, node *registry.Node, req client.R grpcDialOptions := []grpc.DialOption{ grpc.WithDefaultCallOptions(grpc.ForceCodec(cf)), grpc.WithTimeout(opts.DialTimeout), - g.secure(), + g.secure(address), grpc.WithDefaultCallOptions( grpc.MaxCallRecvMsgSize(maxRecvMsgSize), grpc.MaxCallSendMsgSize(maxSendMsgSize), @@ -194,7 +218,7 @@ func (g *grpcClient) stream(ctx context.Context, node *registry.Node, req client grpcDialOptions := []grpc.DialOption{ grpc.WithDefaultCallOptions(grpc.ForceCodec(wc)), grpc.WithTimeout(opts.DialTimeout), - g.secure(), + g.secure(address), } if opts := g.getGrpcDialOptions(); opts != nil {