From 46adb0ffad6a8dce783381943c560f3800731863 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sun, 6 Jul 2025 23:31:15 +0200 Subject: [PATCH] refactor(fetcher): simplification of ExecuteRequest Instead of doing some ciphers manipulation before instantiating the http.Transport and then assigning them, instantiate http.Transport, and then in an if do the manipulation. This makes the code a bit clearer, which is always nice when it comes to cryptographic shenanigans. --- internal/reader/fetcher/request_builder.go | 40 +++++++++------------- 1 file changed, 16 insertions(+), 24 deletions(-) diff --git a/internal/reader/fetcher/request_builder.go b/internal/reader/fetcher/request_builder.go index c93c460b..06c1bf24 100644 --- a/internal/reader/fetcher/request_builder.go +++ b/internal/reader/fetcher/request_builder.go @@ -11,6 +11,7 @@ import ( "net" "net/http" "net/url" + "slices" "time" "miniflux.app/v2/internal/proxyrotator" @@ -124,38 +125,29 @@ func (r *RequestBuilder) IgnoreTLSErrors(value bool) *RequestBuilder { } func (r *RequestBuilder) ExecuteRequest(requestURL string) (*http.Response, error) { - // We get the safe ciphers - ciphers := tls.CipherSuites() - if r.ignoreTLSErrors { - // and the insecure ones if we are ignoring TLS errors. This allows to connect to badly configured servers anyway - ciphers = append(ciphers, tls.InsecureCipherSuites()...) - } - cipherSuites := make([]uint16, 0, len(ciphers)) - for _, cipher := range ciphers { - cipherSuites = append(cipherSuites, cipher.ID) - } transport := &http.Transport{ Proxy: http.ProxyFromEnvironment, // Setting `DialContext` disables HTTP/2, this option forces the transport to try HTTP/2 regardless. ForceAttemptHTTP2: true, DialContext: (&net.Dialer{ - // Default is 30s. - Timeout: 10 * time.Second, - - // Default is 30s. - KeepAlive: 15 * time.Second, + Timeout: 10 * time.Second, // Default is 30s. + KeepAlive: 15 * time.Second, // Default is 30s. }).DialContext, + MaxIdleConns: 50, // Default is 100. + IdleConnTimeout: 10 * time.Second, // Default is 90s. + } - // Default is 100. - MaxIdleConns: 50, - - // Default is 90s. - IdleConnTimeout: 10 * time.Second, - - TLSClientConfig: &tls.Config{ + if r.ignoreTLSErrors { + // Add insecure ciphers if we are ignoring TLS errors. This allows to connect to badly configured servers anyway + ciphers := slices.Concat(tls.CipherSuites(), tls.InsecureCipherSuites()) + cipherSuites := make([]uint16, 0, len(ciphers)) + for _, cipher := range ciphers { + cipherSuites = append(cipherSuites, cipher.ID) + } + transport.TLSClientConfig = &tls.Config{ CipherSuites: cipherSuites, - InsecureSkipVerify: r.ignoreTLSErrors, - }, + InsecureSkipVerify: true, + } } if r.disableHTTP2 {