gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

Call GetConfigForClient in tls.Config if present

Browse Source
This commit is contained in:
Lucas Clemente
2017-03-01 21:11:52 +01:00
parent 1bb4a26965
commit 219ce60a5e
2 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
crypto/cert_chain.go
View File

@@ -57,6 +57,15 @@ func (c *certChain) GetLeafCert(sni string) ([]byte, error) {
func (cc *certChain) getCertForSNI(sni string) (*tls.Certificate, error) { func (cc *certChain) getCertForSNI(sni string) (*tls.Certificate, error) {
c := cc.config c := cc.config
if c.GetConfigForClient != nil {
var err error
c, err = c.GetConfigForClient(&tls.ClientHelloInfo{
ServerName: sni,
})
if err != nil {
return nil, err
}
}
// The rest of this function is mostly copied from crypto/tls.getCertificate // The rest of this function is mostly copied from crypto/tls.getCertificate
if c.GetCertificate != nil { if c.GetCertificate != nil {

11
crypto/cert_chain_test.go
View File

@@ -127,5 +127,16 @@ var _ = Describe("Proof", func() {
_, err := cc.GetLeafCert("invalid domain") _, err := cc.GetLeafCert("invalid domain")
Expect(err).To(MatchError(errNoMatchingCertificate)) Expect(err).To(MatchError(errNoMatchingCertificate))
}) })
It("respects GetConfigForClient", func() {
nestedConfig := &tls.Config{Certificates: []tls.Certificate{cert}}
config.GetConfigForClient = func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
Expect(chi.ServerName).To(Equal("quic.clemente.io"))
return nestedConfig, nil
}
resultCert, err := cc.getCertForSNI("quic.clemente.io")
Expect(err).NotTo(HaveOccurred())
Expect(*resultCert).To(Equal(cert))
})
}) })
}) })