client stop keeping cert pool for fronted servers

src/github.com/getlantern/flashlight/client/client.go

@@ -1,7 +1,6 @@
 package client
 
 import (
-	"crypto/x509"
 	"fmt"
 	"net"
 	"net/http"
@@ -15,8 +14,7 @@ import (
 )
 
 var (
-	log    = golog.LoggerFor("flashlight.client")
-	poolCh = make(chan *x509.CertPool, 1)
+	log = golog.LoggerFor("flashlight.client")
 )
 
 // Client is an HTTP proxy that accepts connections from local programs and
@@ -37,9 +35,8 @@ type Client struct {
 	// MinQOS: (optional) the minimum QOS to require from proxies.
 	MinQOS int
 
-	priorCfg        *ClientConfig
-	priorTrustedCAs *x509.CertPool
-	cfgMutex        sync.RWMutex
+	priorCfg *ClientConfig
+	cfgMutex sync.RWMutex
 
 	// Balanced CONNECT dialers.
 	balCh          chan *balancer.Balancer
@@ -52,14 +49,6 @@ type Client struct {
 	l net.Listener
 }
 
-func getCertPool() *x509.CertPool {
-	pool := <-poolCh
-	if len(poolCh) == 0 {
-		poolCh <- pool
-	}
-	return pool
-}
-
 // ListenAndServe makes the client listen for HTTP connections.  onListeningFn
 // is a callback that gets invoked as soon as the server is accepting TCP
 // connections.
@@ -89,15 +78,14 @@ func (client *Client) ListenAndServe(onListeningFn func()) error {
 // Configure updates the client's configuration. Configure can be called
 // before or after ListenAndServe, and can be called multiple times.  It
 // returns the highest QOS fronted.Dialer available, or nil if none available.
-func (client *Client) Configure(cfg *ClientConfig, pool *x509.CertPool) {
+func (client *Client) Configure(cfg *ClientConfig) {
 	client.cfgMutex.Lock()
 	defer client.cfgMutex.Unlock()
 
 	log.Debug("Configure() called")
 
-	poolCh <- pool
-	if client.priorCfg != nil && client.priorTrustedCAs != nil {
-		if reflect.DeepEqual(client.priorCfg, cfg) && reflect.DeepEqual(client.priorTrustedCAs, pool) {
+	if client.priorCfg != nil {
+		if reflect.DeepEqual(client.priorCfg, cfg) {
 			log.Debugf("Client configuration unchanged")
 			return
 		}
@@ -114,8 +102,6 @@ func (client *Client) Configure(cfg *ClientConfig, pool *x509.CertPool) {
 	client.initBalancer(cfg)
 
 	client.priorCfg = cfg
-	client.priorTrustedCAs = &x509.CertPool{}
-	*client.priorTrustedCAs = *pool
 }
 
 // Stop is called when the client is no longer needed. It closes the

src/github.com/getlantern/flashlight/client/fronted.go

@@ -75,7 +75,6 @@ func (s *FrontedServerInfo) dialer(masqueradeSets map[string][]*fronted.Masquera
 		OnDialStats:        s.onDialStats,
 		Masquerades:        masqueradeSets[s.MasqueradeSet],
 		MaxMasquerades:     s.MaxMasquerades,
-		RootCAs:            getCertPool(),
 	})
 
 	var masqueradeQualifier string

src/github.com/getlantern/flashlight/config/config.go

@@ -7,7 +7,6 @@ import (
 	"io/ioutil"
 	"math/rand"
 	"net/http"
-	"net/http/httputil"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -521,8 +520,6 @@ func readConfigResponse(url string, resp *http.Response) ([]byte, error) {
 	}
 
 	lastCloudConfigETag[url] = resp.Header.Get(etag)
-	body, _ := httputil.DumpResponse(resp, true)
-	log.Debugf("Got response for URL:%v\n%v", url, string(body))
 	gzReader, err := gzip.NewReader(resp.Body)
 	if err != nil {
 		return nil, fmt.Errorf("Unable to open gzip reader: %s", err)

src/github.com/getlantern/flashlight/flashlight.go

@@ -372,7 +372,7 @@ func applyClientConfig(client *client.Client, cfg *config.Config) {
 	_ = statreporter.Configure(cfg.Stats)
 
 	// Update client configuration and get the highest QOS dialer available.
-	client.Configure(cfg.Client, cfg.GetTrustedCACerts())
+	client.Configure(cfg.Client)
 
 	// We offload this onto a go routine because creating the http clients
 	// blocks on waiting for the local server, and the local server starts

src/github.com/getlantern/flashlight/flashlight_test.go

@@ -195,7 +195,7 @@ func testRequest(testCase string, t *testing.T, requests chan *http.Request, htt
 	} else if requestSuccessful {
 		defer func() {
 			if err := resp.Body.Close(); err != nil {
-				t.Fatalf("Error closing response body", err)
+				t.Fatalf("Error closing response body: %s", err)
 			}
 		}()
 		if resp.StatusCode != expectedStatus {

src/github.com/getlantern/fronted/dialer.go

@@ -4,7 +4,6 @@ package fronted
 
 import (
 	"crypto/tls"
-	"crypto/x509"
 	"fmt"
 	"io"
 	"net"
@@ -76,10 +75,6 @@ type Config struct {
 	// InsecureSkipVerify: if true, server's certificate is not verified.
 	InsecureSkipVerify bool
 
-	// RootCAs: optional CertPool specifying the root CAs to use for verifying
-	// servers
-	RootCAs *x509.CertPool
-
 	// BufferRequests: if true, requests to the proxy will be buffered and sent
 	// with identity encoding.  If false, they'll be streamed with chunked
 	// encoding.
@@ -333,7 +328,7 @@ func (d *dialer) tlsConfig(masquerade *Masquerade) *tls.Config {
 			ClientSessionCache: tls.NewLRUClientSessionCache(1000),
 			InsecureSkipVerify: d.InsecureSkipVerify,
 			ServerName:         serverName,
-			RootCAs:            d.RootCAs,
+			RootCAs:            getCertPool(),
 		}
 		d.tlsConfigs[serverName] = tlsConfig
 	}