From fc4f2e5692ab800a450e07c3d983eda02dfd4711 Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Thu, 25 Oct 2018 02:02:57 +0000 Subject: [PATCH] net/http: fix comment change omitted between versions of CL 143177 Updates #23689 Change-Id: Icddec2fcc39802cacd651a9c94290e86cf1e48d1 Reviewed-on: https://go-review.googlesource.com/c/144517 Reviewed-by: Ian Lance Taylor --- src/net/http/server.go | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/net/http/server.go b/src/net/http/server.go index 82abdd388e..6e1ccff4cd 100644 --- a/src/net/http/server.go +++ b/src/net/http/server.go @@ -1782,11 +1782,9 @@ func (c *conn) serve(ctx context.Context) { c.rwc.SetWriteDeadline(time.Now().Add(d)) } if err := tlsConn.Handshake(); err != nil { - // If the handshake failed, one reason might be a - // misconfigured client sending an HTTP request. If so, reach - // into the *tls.Conn unexported fields in a gross way so we - // can reply on the plaintext connection. At least there's a - // test that'll break if we rearrange the *tls.Conn struct. + // If the handshake failed due to the client not speaking + // TLS, assume they're speaking plaintext HTTP and write a + // 400 response on the TLS conn's underlying net.Conn. if re, ok := err.(tls.RecordHeaderError); ok && re.Conn != nil && tlsRecordHeaderLooksLikeHTTP(re.RecordHeader) { io.WriteString(re.Conn, "HTTP/1.0 400 Bad Request\r\n\r\nClient sent an HTTP request to an HTTPS server.\n") re.Conn.Close()