transfer the ClientAuth from tls.Config to the mint.Config

This commit is contained in:
Marten Seemann
2018-01-11 22:41:21 +07:00
parent ca0f9f4a12
commit 1181657ac1
2 changed files with 41 additions and 0 deletions


@@ -87,6 +87,13 @@ func tlsToMintConfig(tlsConf *tls.Config, pers protocol.Perspective) (*mint.Conf
mconf.Certificates[i].Chain[j] = c
}
}
switch tlsConf.ClientAuth {
case tls.NoClientCert:
case tls.RequireAnyClientCert:
mconf.RequireClientAuth = true
default:
return nil, errors.New("mint currently only support ClientAuthType RequireAnyClientCert")
}
}
if err := mconf.Init(pers == protocol.PerspectiveClient); err != nil {
return nil, err
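Review bot: The new `switch tlsConf.ClientAuth` runs for both perspectives, although ClientAuth is a server-side setting in crypto/tls. A client that passes a shared tls.Config carrying `tls.RequireAndVerifyClientCert` now gets an error from tlsToMintConfig, and one carrying `tls.RequireAnyClientCert` gets `RequireClientAuth` set. Consider wrapping the switch in `if pers == protocol.PerspectiveServer { ... }`. The accepted case also deserves a comment such as `// RequireAnyClientCert demands a certificate but crypto/tls does not verify it against ClientCAs; the caller must validate the peer certificate`, because the verifying modes are rejected here and the hunk does not show what mint checks. The function starts and ends outside this hunk.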


@@ -2,9 +2,11 @@ package quic
import (
"bytes"
"crypto/tls"
"github.com/lucas-clemente/quic-go/internal/crypto"
"github.com/lucas-clemente/quic-go/internal/protocol"
"github.com/lucas-clemente/quic-go/internal/testdata"
"github.com/lucas-clemente/quic-go/internal/wire"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
@@ -33,6 +35,38 @@ var _ = Describe("Packing and unpacking Initial packets", func() {
hdr.Raw = buf.Bytes()
})
Context("generating a mint.Config", func() {
It("sets non-blocking mode", func() {
mintConf, err := tlsToMintConfig(nil, protocol.PerspectiveClient)
Expect(err).ToNot(HaveOccurred())
Expect(mintConf.NonBlocking).To(BeTrue())
})
It("sets the certificate chain", func() {
tlsConf := testdata.GetTLSConfig()
mintConf, err := tlsToMintConfig(tlsConf, protocol.PerspectiveClient)
Expect(err).ToNot(HaveOccurred())
Expect(mintConf.Certificates).ToNot(BeEmpty())
Expect(mintConf.Certificates).To(HaveLen(len(tlsConf.Certificates)))
})
It("requires client authentication", func() {
mintConf, err := tlsToMintConfig(nil, protocol.PerspectiveClient)
Expect(err).ToNot(HaveOccurred())
Expect(mintConf.RequireClientAuth).To(BeFalse())
conf := &tls.Config{ClientAuth: tls.RequireAnyClientCert}
mintConf, err = tlsToMintConfig(conf, protocol.PerspectiveClient)
Expect(err).ToNot(HaveOccurred())
Expect(mintConf.RequireClientAuth).To(BeTrue())
})
It("rejects unsupported client auth types", func() {
conf := &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert}
_, err := tlsToMintConfig(conf, protocol.PerspectiveClient)
Expect(err).To(MatchError("mint currently only support ClientAuthType RequireAnyClientCert"))
})
})
Context("unpacking", func() {
packPacket := func(frames []wire.Frame) []byte {
buf := &bytes.Buffer{}
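Review bot: The two new client-auth specs call tlsToMintConfig only with `protocol.PerspectiveClient` and check only one rejected value, `tls.RequireAndVerifyClientCert`. ClientAuth is a server-side setting, so the case that matters is not exercised; add a spec with `protocol.PerspectiveServer`. Also assert that `tls.RequestClientCert` and `tls.VerifyClientCertIfGiven` return the error, so a later change that silently maps a weaker mode to "no client auth" fails a test. The spec title "requires client authentication" also covers the default (false) case and would read better split into two `It` blocks.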