From: Sergey Matveev
Date: Thu, 23 Sep 2021 18:41:53 +0000 (+0300)
Subject: Use TLS session tickets cache
X-Git-Tag: v3.0.0~19
X-Git-Url: http://www.git.cypherpunks.ru/?p=gocheese.git;a=commitdiff_plain;h=9b894ff2421ac5c8bd6b8c21b365617356e8762d
Use TLS session tickets cache
---
diff --git a/gocheese.go b/gocheese.go
index ed7e55d..67bc1c1 100644
--- a/gocheese.go
+++ b/gocheese.go
@@ -302,23 +302,26 @@ func main() {
 log.Fatalln(err)
 }
 refreshPasswd()
- if *pypiCertHash == "" {
- pypiHTTPTransport = http.Transport{}
- } else {
+ tlsConfig := tls.Config{
+ ClientSessionCache: tls.NewLRUClientSessionCache(16),
+ NextProtos: []string{"h2", "http/1.1"},
+ }
+ pypiHTTPTransport = http.Transport{
+ ForceAttemptHTTP2: true,
+ TLSClientConfig: &tlsConfig,
+ }
+ if *pypiCertHash != "" {
 ourDgst, err := hex.DecodeString(*pypiCertHash)
 if err != nil {
 log.Fatalln(err)
 }
- pypiHTTPTransport = http.Transport{
- TLSClientConfig: &tls.Config{
- VerifyConnection: func(s tls.ConnectionState) error {
- spki := s.VerifiedChains[0][0].RawSubjectPublicKeyInfo
- theirDgst := sha256.Sum256(spki)
- if bytes.Compare(ourDgst, theirDgst[:]) != 0 {
- return errors.New("certificate's digest mismatch")
- }
- return nil
- }},
+ tlsConfig.VerifyConnection = func(s tls.ConnectionState) error {
+ spki := s.VerifiedChains[0][0].RawSubjectPublicKeyInfo
+ theirDgst := sha256.Sum256(spki)
+ if bytes.Compare(ourDgst, theirDgst[:]) != 0 {
+ return errors.New("certificate's SPKI digest mismatch")
+ }
+ return nil
 }
 }
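Review bot: `s.VerifiedChains[0][0]` in the new `tlsConfig.VerifyConnection` is still indexed without a length check, and with `ClientSessionCache` now set crypto/tls invokes this callback on resumed handshakes as well as full ones, so the SPKI pin presumably relies on the chain being restored from the cached session. A guard such as `if len(s.VerifiedChains) == 0 || len(s.VerifiedChains[0]) == 0 { return errors.New("no verified certificate chain") }` would turn an unexpected empty chain into a handshake error instead of a panic in the dial path. I would also add a comment above the assignment, e.g. `// VerifyConnection (not VerifyPeerCertificate): it also runs on resumed sessions, so the ticket cache cannot skip the pin`, because that property is what makes the cache safe to combine with pinning. As a style point, `!bytes.Equal(ourDgst, theirDgst[:])` reads more directly than `bytes.Compare(...) != 0`. main's body starts and ends outside the hunk.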