From a01dd37b8ff078750dfe49db6031b7a23f14e2d5 Mon Sep 17 00:00:00 2001
From: Carl Jackson <carl@avtok.com>
Date: Thu, 3 Mar 2016 20:34:44 -0800
Subject: [PATCH] graceful: import cloneTLSConfig from net/http

---
 graceful/clone.go   | 11 +++++++++++
 graceful/clone16.go | 34 ++++++++++++++++++++++++++++++++++
 graceful/server.go  |  2 +-
 3 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 graceful/clone.go
 create mode 100644 graceful/clone16.go

diff --git a/graceful/clone.go b/graceful/clone.go
new file mode 100644
index 0000000..a9027e5
--- /dev/null
+++ b/graceful/clone.go
@@ -0,0 +1,11 @@
+// +build !go1.6
+
+package graceful
+
+import "crypto/tls"
+
+// see clone16.go
+func cloneTLSConfig(cfg *tls.Config) *tls.Config {
+	c := *cfg
+	return &c
+}
diff --git a/graceful/clone16.go b/graceful/clone16.go
new file mode 100644
index 0000000..810b3a2
--- /dev/null
+++ b/graceful/clone16.go
@@ -0,0 +1,34 @@
+// +build go1.6
+
+package graceful
+
+import "crypto/tls"
+
+// cloneTLSConfig was taken from the Go standard library's net/http package. We
+// need it because tls.Config objects now contain a sync.Once.
+func cloneTLSConfig(cfg *tls.Config) *tls.Config {
+	if cfg == nil {
+		return &tls.Config{}
+	}
+	return &tls.Config{
+		Rand:                     cfg.Rand,
+		Time:                     cfg.Time,
+		Certificates:             cfg.Certificates,
+		NameToCertificate:        cfg.NameToCertificate,
+		GetCertificate:           cfg.GetCertificate,
+		RootCAs:                  cfg.RootCAs,
+		NextProtos:               cfg.NextProtos,
+		ServerName:               cfg.ServerName,
+		ClientAuth:               cfg.ClientAuth,
+		ClientCAs:                cfg.ClientCAs,
+		InsecureSkipVerify:       cfg.InsecureSkipVerify,
+		CipherSuites:             cfg.CipherSuites,
+		PreferServerCipherSuites: cfg.PreferServerCipherSuites,
+		SessionTicketsDisabled:   cfg.SessionTicketsDisabled,
+		SessionTicketKey:         cfg.SessionTicketKey,
+		ClientSessionCache:       cfg.ClientSessionCache,
+		MinVersion:               cfg.MinVersion,
+		MaxVersion:               cfg.MaxVersion,
+		CurvePreferences:         cfg.CurvePreferences,
+	}
+}
diff --git a/graceful/server.go b/graceful/server.go
index 8b17295..ae9a5fb 100644
--- a/graceful/server.go
+++ b/graceful/server.go
@@ -58,7 +58,7 @@ func (srv *Server) ListenAndServeTLS(certFile, keyFile string) error {
 		MinVersion: tls.VersionTLS10,
 	}
 	if srv.TLSConfig != nil {
-		*config = *srv.TLSConfig
+		config = cloneTLSConfig(srv.TLSConfig)
 	}
 	if config.NextProtos == nil {
 		config.NextProtos = []string{"http/1.1"}