From d3e3fc533f7046d47d60818234f3bb50d62ea1b6 Mon Sep 17 00:00:00 2001
From: Kris Kwiatkowski
Date: Fri, 19 Oct 2018 18:51:10 +0100
Subject: [PATCH] templates: TLSVersion (#2323)
* new template action: TLS protocol version
* new template action: use caddytls.GetSupportedProtocolName Avoids code duplication by reusing existing method to get TLS protocol version used on connection. Also adds tests
---
 caddyhttp/httpserver/tplcontext.go | 10 +++++++
 caddyhttp/httpserver/tplcontext_test.go | 38 +++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
diff --git a/caddyhttp/httpserver/tplcontext.go b/caddyhttp/httpserver/tplcontext.go
index 974025f0..73af0803 100644
--- a/caddyhttp/httpserver/tplcontext.go
+++ b/caddyhttp/httpserver/tplcontext.go
@@ -31,6 +31,7 @@ import (
 "os"
+ "github.com/mholt/caddy/caddytls"
 "github.com/russross/blackfriday"
 )
@@ -448,6 +449,15 @@ func (c Context) AddLink(link string) string {
 return ""
 }
+// Returns either TLS protocol version if TLS used or empty string otherwise
+func (c Context) TLSVersion() (ret string) {
+ if c.Req.TLS != nil {
+ // Safe to ignore an error
+ ret, _ = caddytls.GetSupportedProtocolName(c.Req.TLS.Version)
+ }
+ return
+}
+
 // buffer pool for .Include context actions
 var includeBufs = sync.Pool{
 New: func() interface{} {
diff --git a/caddyhttp/httpserver/tplcontext_test.go b/caddyhttp/httpserver/tplcontext_test.go
index 04e5ef7e..8a76baf3 100644
--- a/caddyhttp/httpserver/tplcontext_test.go
+++ b/caddyhttp/httpserver/tplcontext_test.go
@@ -16,6 +16,7 @@ package httpserver
 import (
 "bytes"
+ "crypto/tls"
 "fmt"
 "io/ioutil"
 "net"
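Review bot: In `TLSVersion` (tplcontext.go) the discarded error means a TLS connection whose version caddytls does not list yields the same empty string as a plaintext request, so a template that tests `.TLSVersion` for emptiness to decide whether the request was encrypted would misjudge such a connection. The comment `// Safe to ignore an error` does not say why it is safe, and the behaviour depends on `GetSupportedProtocolName` returning "" alongside its error, which is not visible in this hunk. I would state the contract in the doc comment, which by Go convention should also open with the method name: `// TLSVersion returns the negotiated TLS protocol name (e.g. "tls1.2"), or "" if the request did not use TLS or the version is not one caddytls recognises.` The named result with a bare `return` could be replaced by explicit returns for readability.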
@@ -922,3 +923,40 @@ func TestAddLink(t *testing.T) {
 })
 }
 }
+
+func TestTlsVersion(t *testing.T) {
+ for _, test := range []struct {
+ tlsState *tls.ConnectionState
+ expectedResult string
+ }{
+ {
+ &tls.ConnectionState{Version: tls.VersionTLS10},
+ "tls1.0",
+ },
+ {
+ &tls.ConnectionState{Version: tls.VersionTLS11},
+ "tls1.1",
+ },
+ {
+ &tls.ConnectionState{Version: tls.VersionTLS12},
+ "tls1.2",
+ },
+ // TLS not used
+ {
+ nil,
+ "",
+ },
+ // Unsupported version
+ {
+ &tls.ConnectionState{Version: 0x0399},
+ "",
+ },
+ } {
+ context := getContextOrFail(t)
+ context.Req.TLS = test.tlsState
+ result := context.TLSVersion()
+ if result != test.expectedResult {
+ t.Errorf("Expected %s got %s", test.expectedResult, result)
+ }
+ }
+}
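Review bot: The failure message in `TestTlsVersion` formats both values with `%s` and carries no case index, so for the two table entries that expect "" a failure prints an empty gap and gives no hint which entry broke. Ranging with an index and quoting the strings fixes both: `for i, test := range []struct {` and `t.Errorf("Test %d: expected %q, got %q", i, test.expectedResult, result)`. The function name would follow Go's initialism convention as `TestTLSVersion`. The "Unsupported version" case is worth a short comment saying it deliberately pins the empty-string result for a version caddytls does not recognise, since that is the behaviour template authors need to know about.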