set a net.Conn for tls.ClientHelloInfo.Conn used by GetCertificate (#4014)
@@ -140,7 +140,7 @@ var _ = Describe("Handshake tests", func() {
|
|||||||
Expect(err).ToNot(HaveOccurred())
|
Expect(err).ToNot(HaveOccurred())
|
||||||
})
|
})
|
||||||
|
|
||||||
It("has the right local and remote address on the ClientHelloInfo.Conn", func() {
|
It("has the right local and remote address on the tls.Config.GetConfigForClient ClientHelloInfo.Conn", func() {
|
||||||
var local, remote net.Addr
|
var local, remote net.Addr
|
||||||
done := make(chan struct{})
|
done := make(chan struct{})
|
||||||
tlsConf := &tls.Config{
|
tlsConf := &tls.Config{
|
||||||
@@ -164,6 +164,30 @@ var _ = Describe("Handshake tests", func() {
|
|||||||
Expect(conn.LocalAddr().(*net.UDPAddr).Port).To(Equal(remote.(*net.UDPAddr).Port))
|
Expect(conn.LocalAddr().(*net.UDPAddr).Port).To(Equal(remote.(*net.UDPAddr).Port))
|
||||||
})
|
})
|
||||||
|
|
||||||
|
It("has the right local and remote address on the tls.Config.GetCertificate ClientHelloInfo.Conn", func() {
|
||||||
|
var local, remote net.Addr
|
||||||
|
done := make(chan struct{})
|
||||||
|
tlsConf := getTLSConfig()
|
||||||
|
tlsConf.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||||
|
defer close(done)
|
||||||
|
local = info.Conn.LocalAddr()
|
||||||
|
remote = info.Conn.RemoteAddr()
|
||||||
|
cert := tlsConf.Certificates[0]
|
||||||
|
return &cert, nil
|
||||||
|
}
|
||||||
|
runServer(tlsConf)
|
||||||
|
conn, err := quic.DialAddr(
|
||||||
|
context.Background(),
|
||||||
|
fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port),
|
||||||
|
getTLSClientConfig(),
|
||||||
|
getQuicConfig(nil),
|
||||||
|
)
|
||||||
|
Expect(err).ToNot(HaveOccurred())
|
||||||
|
Eventually(done).Should(BeClosed())
|
||||||
|
Expect(server.Addr()).To(Equal(local))
|
||||||
|
Expect(conn.LocalAddr().(*net.UDPAddr).Port).To(Equal(remote.(*net.UDPAddr).Port))
|
||||||
|
})
|
||||||
|
|
||||||
It("works with a long certificate chain", func() {
|
It("works with a long certificate chain", func() {
|
||||||
runServer(getTLSConfigWithLongCertChain())
|
runServer(getTLSConfigWithLongCertChain())
|
||||||
_, err := quic.DialAddr(
|
_, err := quic.DialAddr(
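Review bot: The two `ClientHelloInfo.Conn` tests cover `GetConfigForClient` and `GetCertificate` only in isolation, so nothing visible here exercises a config returned from `GetConfigForClient` that sets its own `GetCertificate`. A third case that sets both hooks and records `info.Conn.LocalAddr()` and `info.Conn.RemoteAddr()` inside the inner callback would catch a nil `Conn` on that path. The new test body is also a copy of the preceding test apart from which hook is installed; a small helper that takes the prepared `*tls.Config` and runs the dial plus the three address assertions would keep those checks in one place.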
|
||||||
|
|||||||
@@ -134,6 +134,13 @@ func NewCryptoSetupServer(
|
|||||||
return gcfc(info)
|
return gcfc(info)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if quicConf.TLSConfig.GetCertificate != nil {
|
||||||
|
gc := quicConf.TLSConfig.GetCertificate
|
||||||
|
quicConf.TLSConfig.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||||
|
info.Conn = &conn{localAddr: localAddr, remoteAddr: remoteAddr}
|
||||||
|
return gc(info)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
cs.tlsConf = quicConf.TLSConfig
|
cs.tlsConf = quicConf.TLSConfig
|
||||||
cs.conn = qtls.QUICServer(quicConf)
|
cs.conn = qtls.QUICServer(quicConf)
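Review bot: The `GetConfigForClient` wrapper in the context lines above still ends with `return gcfc(info)`, so a `GetCertificate` set on the config it returns is never wrapped and will see `info.Conn` unset. A callback that reads `info.Conn.RemoteAddr()` for certificate selection or logging would then dereference nil; the returned config should be cloned and given the same wrapper, as sketched below. The new block also assigns to `quicConf.TLSConfig.GetCertificate` in place. The lines that build `quicConf` are outside the hunk, so it is worth confirming that `TLSConfig` is a per-connection clone at this point, since otherwise each handshake would wrap the previous wrapper. `NewCryptoSetupServer` starts and ends outside the hunk.

```go
// … unchanged: GetConfigForClient wrapper sets info.Conn …
c, err := gcfc(info)
if c != nil && c.GetCertificate != nil {
	// Clone so the caller's config is not mutated across connections.
	c = c.Clone()
	gc := c.GetCertificate
	c.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
		info.Conn = &conn{localAddr: localAddr, remoteAddr: remoteAddr}
		return gc(info)
	}
}
return c, err
```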
|
||||||
|
|||||||