From 1181657ac1fcf1db923600823bf0a576530b884e Mon Sep 17 00:00:00 2001
From: Marten Seemann
Date: Thu, 11 Jan 2018 22:41:21 +0700
Subject: [PATCH] transfer the ClientAuth from tls.Config to the mint.Config
---
 mint_utils.go | 7 +++++++
 mint_utils_test.go | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
diff --git a/mint_utils.go b/mint_utils.go
index 9764a70c..dce62fb1 100644
--- a/mint_utils.go
+++ b/mint_utils.go
@@ -87,6 +87,13 @@ func tlsToMintConfig(tlsConf *tls.Config, pers protocol.Perspective) (*mint.Conf
 mconf.Certificates[i].Chain[j] = c
 }
 }
+ switch tlsConf.ClientAuth {
+ case tls.NoClientCert:
+ case tls.RequireAnyClientCert:
+ mconf.RequireClientAuth = true
+ default:
+ return nil, errors.New("mint currently only support ClientAuthType RequireAnyClientCert")
+ }
 }
 if err := mconf.Init(pers == protocol.PerspectiveClient); err != nil {
 return nil, err
diff --git a/mint_utils_test.go b/mint_utils_test.go
index e538cad2..4c90f5c5 100644
--- a/mint_utils_test.go
+++ b/mint_utils_test.go
@@ -2,9 +2,11 @@ package quic
 import (
 "bytes"
+ "crypto/tls"
 "github.com/lucas-clemente/quic-go/internal/crypto"
 "github.com/lucas-clemente/quic-go/internal/protocol"
+ "github.com/lucas-clemente/quic-go/internal/testdata"
 "github.com/lucas-clemente/quic-go/internal/wire"
 . "github.com/onsi/ginkgo"
 . "github.com/onsi/gomega"
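Review bot: In mint_utils.go the `case tls.RequireAnyClientCert:` arm sets `mconf.RequireClientAuth = true`, but in crypto/tls that mode only demands that a certificate be presented and does not validate it, while the modes that do validate (`tls.RequireAndVerifyClientCert`, `tls.VerifyClientCertIfGiven`) land in the error branch. Failing closed on those is the right default, yet a server that needs authenticated clients is left with a mode in which, unless mint or the application checks the chain elsewhere (not visible in this hunk), a self-signed certificate would satisfy the requirement. I would add a comment above the switch such as `// RequireAnyClientCert does not verify the client chain; callers must validate the peer certificate themselves`, and repeat it in the function's doc comment. The error text also omits that `NoClientCert` is accepted: `errors.New("mint currently only supports ClientAuthType NoClientCert and RequireAnyClientCert")`, with the `MatchError` string in the test changed to match. The body of `tlsToMintConfig` starts and ends outside the hunk.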
@@ -33,6 +35,38 @@ var _ = Describe("Packing and unpacking Initial packets", func() {
 hdr.Raw = buf.Bytes()
 })
+ Context("generating a mint.Config", func() {
+ It("sets non-blocking mode", func() {
+ mintConf, err := tlsToMintConfig(nil, protocol.PerspectiveClient)
+ Expect(err).ToNot(HaveOccurred())
+ Expect(mintConf.NonBlocking).To(BeTrue())
+ })
+
+ It("sets the certificate chain", func() {
+ tlsConf := testdata.GetTLSConfig()
+ mintConf, err := tlsToMintConfig(tlsConf, protocol.PerspectiveClient)
+ Expect(err).ToNot(HaveOccurred())
+ Expect(mintConf.Certificates).ToNot(BeEmpty())
+ Expect(mintConf.Certificates).To(HaveLen(len(tlsConf.Certificates)))
+ })
+
+ It("requires client authentication", func() {
+ mintConf, err := tlsToMintConfig(nil, protocol.PerspectiveClient)
+ Expect(err).ToNot(HaveOccurred())
+ Expect(mintConf.RequireClientAuth).To(BeFalse())
+ conf := &tls.Config{ClientAuth: tls.RequireAnyClientCert}
+ mintConf, err = tlsToMintConfig(conf, protocol.PerspectiveClient)
+ Expect(err).ToNot(HaveOccurred())
+ Expect(mintConf.RequireClientAuth).To(BeTrue())
+ })
+
+ It("rejects unsupported client auth types", func() {
+ conf := &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert}
+ _, err := tlsToMintConfig(conf, protocol.PerspectiveClient)
+ Expect(err).To(MatchError("mint currently only support ClientAuthType RequireAnyClientCert"))
+ })
+ })
+
 Context("unpacking", func() {
 packPacket := func(frames []wire.Frame) []byte {
 buf := &bytes.Buffer{}
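Review bot: The new specs never exercise the server side or two of the rejected modes: every call passes `protocol.PerspectiveClient`, although `ClientAuth` is a server-side setting, and only `tls.RequireAndVerifyClientCert` is checked against the error branch. Extending the "rejects unsupported client auth types" spec to loop over `[]tls.ClientAuthType{tls.RequestClientCert, tls.VerifyClientCertIfGiven, tls.RequireAndVerifyClientCert}` would pin the fail-closed default for every mode that is not transferred. The `BeFalse()` assertion in "requires client authentication" uses a nil config, which presumably bypasses the new switch altogether; a call with `&tls.Config{ClientAuth: tls.NoClientCert}` and `protocol.PerspectiveServer` would cover the empty `case tls.NoClientCert:` arm.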