Add the option to connect using TLS to memcached servers

The PR adds the option to provide a `tls.Config` to the Client which is used by `tls.DialWithDailer` to connect to a memcached server using TLS.
grobie · Nov 22, 2021 · 331774f · 331774f
1 parent 08d7c80
commit 331774f
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 9 deletions.
diff --git a/memcache/memcache.go b/memcache/memcache.go
@@ -20,6 +20,7 @@ package memcache
 import (
 	"bufio"
 	"bytes"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
@@ -149,12 +150,13 @@ func NewFromSelector(ss ServerSelector) *Client {
 type Client struct {
 	// Timeout specifies the socket read/write timeout.
 	// If zero, DefaultTimeout is used.
-	Timeout time.Duration
+	Timeout   time.Duration
 
-	selector ServerSelector
+	selector  ServerSelector
 
-	lk       sync.Mutex
-	freeconn map[string][]*conn
+	lk        sync.Mutex
+	freeconn  map[string][]*conn
+	TlsConfig *tls.Config
 }
 
 // Item is an item to be got or stored in a memcached server.
@@ -263,7 +265,16 @@ func (c *Client) dial(addr net.Addr) (net.Conn, error) {
 		err error
 	}
 
-	nc, err := net.DialTimeout(addr.Network(), addr.String(), c.netTimeout())
+	var (
+		nc net.Conn
+		err error
+	)
+	nd := net.Dialer{Timeout: c.netTimeout()}
+	if c.TlsConfig != nil {
+		nc, err = tls.DialWithDialer(&nd, addr.Network(), addr.String(), c.TlsConfig)
+	} else {
+		nc, err = nd.Dial(addr.Network(), addr.String())
+	}
 	if err == nil {
 		return nc, nil
 	}

diff --git a/memcache/memcache_test.go b/memcache/memcache_test.go
@@ -25,12 +25,16 @@ import (
 	"strings"
 	"testing"
 	"time"
+	"io/ioutil"
+	"crypto/tls"
+	"crypto/x509"
 )
 
-const testServer = "localhost:11211"
+const testServer    = "localhost:11211"
+const testServerTLS = "localhost:11212"
 
-func setup(t *testing.T) bool {
-	c, err := net.Dial("tcp", testServer)
+func setup(t *testing.T, server string) bool {
+	c, err := net.Dial("tcp", server)
 	if err != nil {
 		t.Skipf("skipping test; no server running at %s", testServer)
 	}
@@ -40,7 +44,7 @@ func setup(t *testing.T) bool {
 }
 
 func TestLocalhost(t *testing.T) {
-	if !setup(t) {
+	if !setup(t, testServer) {
 		return
 	}
 	c, err := New(testServer)
@@ -50,6 +54,34 @@ func TestLocalhost(t *testing.T) {
 	testWithClient(t, c)
 }
 
+func TestLocalhostTLS(t *testing.T) {
+	if !setup(t, testServerTLS) {
+		return
+	}
+	c, err := New(testServerTLS)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	caCert, err := ioutil.ReadFile("ca.pem")
+	if err != nil {
+		t.Fatal(err)
+	}
+	caCertPool := x509.NewCertPool()
+	caCertPool.AppendCertsFromPEM(caCert)
+	tlsConfig := &tls.Config{
+		RootCAs: caCertPool,
+		ServerName: "localhost",
+	}
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	c.TlsConfig = tlsConfig
+	testWithClient(t, c)
+}
+
 func TestNewError(t *testing.T) {
 	if _, err := New("memcached.invalid:11211"); err == nil {
 		t.Errorf("expected invalid host to raise error, got none")