Warm up
package main

import "net/http"

func main() {
	// URL reproduced as on the slide, including the double slash before v2.4.
	_, err := http.Get(`https://graph.facebook.com//v2.4/oauth/access_token`)
	if err != nil {
		panic(err.Error())
	}
}
(22 hrs ago) https://github.com/golang/go/issues/19103
x/net/http2: requests with absolute URIs in URL.Opaque produce incorrect :path header #16847 (2016-08-16)
[Diagram: Client and Server; labels: setup, SYN attack, tear-down, TLS exchange, socket, message, response, packets via intermediate device]
A tale of two protocols
● One TCP connection.
● Request → Stream
● Streams are multiplexed
● Streams are prioritized
● Binary Framing Layer
● Prioritization
● Flow Control
● Server Push
● Header Compression
HTTP/2 Server Push
What does all this mean for Go ?
● You got to make “changes” in the library.
● Lots of “small” changes
– Tools
– Libraries
● “Context” is critical.
Context
● A Context carries
– a deadline
– a cancelation signal
– and other values across API boundaries.
● Context's methods may be called by multiple goroutines simultaneously.
Fix
● The fix tool has a new “context” fix to change imports from “golang.org/x/net/context” to “context”.
Pprof
● The pprof tool can now profile TLS servers and skip certificate validation by using the “https+insecure” URL scheme.
Vet
● Vet now checks for copying an array of locks, duplicate JSON and XML struct field tags, non-space-separated struct tags, deferred calls to HTTP Response.Body.Close before checking errors, and indexed arguments in Printf.
HTTP Server Graceful Shutdown
● The HTTP Server now has support for
– graceful shutdown using the new Server.Shutdown method
– abrupt shutdown using the new Server.Close method.
HTTP/2 Push
● The net/http package now includes a mechanism to send HTTP/2 server pushes from a Handler.
● Similar to the existing Flusher and Hijacker interfaces, an HTTP/2 ResponseWriter now implements the new Pusher interface.
Context is gonna be HUGE
● new Server.Shutdown takes a context argument.
● significant additions to the database/sql package with context support.
● All nine of the new Lookup methods on the new net.Resolver now take a context.
crypto/tls
● Conn.CloseWrite allows TLS connections to be half closed
● Config.Clone clones a TLS configuration.
● Config.GetClientCertificate callback allows selecting a client certificate based on the server's TLS CertificateRequest message, represented by the new CertificateRequestInfo
● Config.KeyLogWriter allows debugging TLS connections in Wireshark
● … more
crypto/x509
● PSS signatures are now supported.
● UnknownAuthorityError now has a Cert field, reporting the untrusted certificate.
● Certificate validation is more permissive in a few cases and stricter in a few other cases.
● Root certificates will now also be looked for at /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem on Linux, to support RHEL and CentOS.
expvar
● Package expvar provides a standardized interface to public variables
● operation counters in servers.
● exposed via HTTP at /debug/vars in JSON format.
● new Handler function returns the package's HTTP handler, to enable installing it in non-standard locations.
func Handler() http.Handler
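Installing the expvar handler in a non-standard location, as an added example (not from the slides or the Go project). It relies on the fact that importing expvar registers /debug/vars on http.DefaultServeMux; the /internal/vars path, the basic-auth gate and the function names are assumptions of this example.

```go
package main

import (
	"crypto/subtle"
	"expvar"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// publicMux serves application traffic from its own ServeMux: importing expvar
// registers /debug/vars on http.DefaultServeMux as a side effect.
func publicMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "hello") })
	return mux
}

// adminMux mounts expvar.Handler() behind basic auth at a placeholder path.
func adminMux(user, pass string) *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/internal/vars", func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		userOK := subtle.ConstantTimeCompare([]byte(u), []byte(user)) == 1
		passOK := subtle.ConstantTimeCompare([]byte(p), []byte(pass)) == 1
		if !ok || !userOK || !passOK {
			w.Header().Set("WWW-Authenticate", `Basic realm="admin"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		expvar.Handler().ServeHTTP(w, r) // JSON incl. cmdline and memstats
	})
	return mux
}

// status sends an in-process GET to h and returns the response status code.
func status(h http.Handler, path, user, pass string) int {
	req := httptest.NewRequest("GET", path, nil)
	if user != "" {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status(http.DefaultServeMux, "/debug/vars", "", ""), status(publicMux(), "/debug/vars", "", ""))
}
```

A server started with a nil handler uses http.DefaultServeMux and therefore serves /debug/vars to every client; passing publicMux() to the public listener avoids that.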
net
● The new Buffers type permits writing to the network more efficiently from multiple discontiguous buffers in memory
● cf. writev
● Scatter – gather
https://linux.die.net/man/2/writev
net/http/httptrace
● support for tracing a client request's TLS handshakes
– ClientTrace.TLSHandshakeStart
– ClientTrace.TLSHandshakeDone
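The crypto/tls and httptrace additions listed above (Config.Clone, Config.KeyLogWriter, TLSHandshakeStart, TLSHandshakeDone) used together, as an added example that is not from the slides or the Go project. It runs against a local httptest server; the traceHandshake name and its debug flag are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httptrace"
)

// traceHandshake makes one HTTPS request to a local test server and returns the
// negotiated TLS version and the key log. The log holds session secrets that
// decrypt the traffic, so debug must stay false outside a debugging session.
func traceHandshake(debug bool) (version uint16, keyLog string, err error) {
	ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "hello") // constructed response body
	}))
	defer ts.Close()
	cfg := ts.Client().Transport.(*http.Transport).TLSClientConfig.Clone() // copy, do not mutate
	var buf bytes.Buffer
	if debug {
		cfg.KeyLogWriter = &buf // real use: a 0600 file read by Wireshark
	}
	tr := &http.Transport{TLSClientConfig: cfg}
	trace := &httptrace.ClientTrace{
		TLSHandshakeStart: func() { fmt.Println("TLS handshake started") },
		TLSHandshakeDone: func(cs tls.ConnectionState, hsErr error) {
			if hsErr == nil {
				version = cs.Version // e.g. 0x0304 for TLS 1.3
			}
		},
	}
	req, err := http.NewRequest("GET", ts.URL, nil)
	if err != nil {
		return 0, "", err
	}
	req = req.WithContext(httptrace.WithClientTrace(req.Context(), trace))
	resp, err := (&http.Client{Transport: tr}).Do(req)
	if err != nil {
		return 0, "", err
	}
	resp.Body.Close()
	return version, buf.String(), nil
}

func main() {
	v, kl, err := traceHandshake(true)
	fmt.Printf("version=%#x keylog_bytes=%d err=%v\n", v, len(kl), err)
}
```

Anyone holding both the key log and a packet capture can decrypt the session, so a build that can enable KeyLogWriter should make that switch explicit and keep the file out of shared locations.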
net/http
● graceful shutdown support
● Server adds configuration options
– ReadHeaderTimeout
– IdleTimeout
– and documents WriteTimeout
● FileServer and ServeContent now support HTTP If-Match conditional requests (RFC 7232)
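The Server timeout fields and the context-driven Server.Shutdown from the slides above, as an added example (not from the slides or the Go project). The timeout durations, the 200 ms simulated handler and the function names are assumptions of this example.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"time"
)

// newServer sets the timeout fields from the slide; durations are illustrative.
func newServer(h http.Handler) *http.Server {
	return &http.Server{
		Handler:           h,
		ReadHeaderTimeout: 5 * time.Second,  // cap on receiving request headers
		WriteTimeout:      30 * time.Second, // cap on writing the response
		IdleTimeout:       60 * time.Second, // cap on idle keep-alive connections
	}
}

// drainDemo calls Shutdown mid-request; returns client status, Serve and Shutdown errors.
func drainDemo() (status int, serveErr, shutdownErr error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, err, nil
	}
	started := make(chan struct{})
	srv := newServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		close(started)
		time.Sleep(200 * time.Millisecond) // constructed stand-in for slow work
	}))
	served, got := make(chan error, 1), make(chan int, 1)
	go func() { served <- srv.Serve(ln) }()
	go func() {
		code := 0 // stays 0 if the client request fails
		if resp, err := http.Get("http://" + ln.Addr().String()); err == nil {
			code = resp.StatusCode
			resp.Body.Close()
		}
		got <- code
	}()
	<-started // the request is now in flight
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	shutdownErr = srv.Shutdown(ctx) // stop accepting, wait for the handler
	return <-got, <-served, shutdownErr
}

func main() { fmt.Println(drainDemo()) }
```

The in-flight request still completes with 200 while Serve returns http.ErrServerClosed; Server.Close would instead drop the connection immediately.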
net/http … server .. Handler
● Context returned by Request.Context is canceled if the underlying net.Conn closes. For instance, if the user closes their browser in the middle of a slow request, the Handler can now detect that the user is gone. This complements the existing CloseNotifier support.
● Handler can now abort a response by panicking with the error ErrAbortHandler.
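A handler that stops work when the client disconnects, as an added example (not from the slides or the Go project). The slowHandler and runClient names and the durations are assumptions; the client "closing the browser" is simulated with a context timeout on the request.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// slowHandler stands in for an expensive request. It stops as soon as the
// request context is canceled and reports the outcome on result.
func slowHandler(work time.Duration, result chan<- string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		select {
		case <-time.After(work):
			fmt.Fprintln(w, "report ready")
			result <- "completed"
		case <-r.Context().Done(): // underlying net.Conn closed
			result <- "abandoned: " + r.Context().Err().Error()
		}
	}
}

// runClient sends one request that the client gives up on after patience and
// returns what the handler observed.
func runClient(work, patience time.Duration) string {
	result := make(chan string, 1)
	ts := httptest.NewServer(slowHandler(work, result))
	defer ts.Close()
	ctx, cancel := context.WithTimeout(context.Background(), patience)
	defer cancel()
	req, err := http.NewRequestWithContext(ctx, "GET", ts.URL, nil)
	if err != nil {
		return "bad request: " + err.Error()
	}
	if resp, err := http.DefaultClient.Do(req); err == nil {
		resp.Body.Close()
	}
	return <-result
}

func main() {
	fmt.Println(runClient(3*time.Second, 100*time.Millisecond))
	fmt.Println(runClient(50*time.Millisecond, 3*time.Second))
}
```

Returning early on a canceled context frees the goroutine and any downstream resources a disconnected client would otherwise keep busy.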
net/http … server .. Handler
● To serve trailers produced after the header has already been written, see the new TrailerPrefix mechanism.
● Write of zero bytes to a ResponseWriter is now defined as a way to test whether a ResponseWriter has been hijacked.
● If so, the Write returns ErrHijacked without printing an error to the server's error log.
net/http … Client
● Client now copies most request headers on redirect.
● Client now supports 301, 307, and 308 redirects.
● Client.Post now follows 301 redirects, converting them to GET requests without bodies
● If the redirect requires resending the request body, the request must have the new Request.GetBody field defined.
● NewRequest sets Request.GetBody automatically for common body types.
net/http … Transport
● Transport now supports international domain names.
● Consequently, so do Get and other helpers.
● Transport now rejects requests for URLs with ports containing non-digit characters.
● DefaultTransport.Dialer now enables DualStack
● Transport no longer reads a byte of a non-nil Request.Body when the Request.ContentLength is zero to determine whether the ContentLength is actually zero or just undefined.
empty interface
● interface {} may hold values of ANY type
References {URL}
● Go 1.8 release notes https://tip.golang.org/doc/go1.8
● HTTP/2 spec http://http2.github.io/http2-spec/index.html
● RSA PSS (Probabilistic Signature Scheme) https://www.emc.com/emc-plus/rsa-labs/historical/raising-standard-rsa-signatures-rsa-pss.htm
Legal { Attribution(s) }
● The usage of images is purely educational. The copyright for the images resides with their respective authors.
● Released under Creative Commons 4.0 Non-Commercial Share-Alike
let's connect
StrikrHQ.com
Strikr.in
https://twitter.com/StrikrHQ
https://plus.google.com/+StrikrHQ
https://facebook.com/StrikrHQ
https://github.com/strikr
https://hub.docker.com/r/strikr/
https://linkedin.com/company/strikr
https://webchat.freenode.net/?channels=%23strikr#strikr
https://bitbucket.org/strikr/
projects@