copy VerifyPeerCertificate from the tls.Config to the mint.Config

2018-02-02 11:01:34 +08:00
parent d0a394430f
commit e16131b391
2 changed files with 19 additions and 14 deletions
--- a/mint_utils.go
+++ b/mint_utils.go
@@ -76,6 +76,7 @@ func tlsToMintConfig(tlsConf *tls.Config, pers protocol.Perspective) (*mint.Conf
 		mconf.ServerName = tlsConf.ServerName
 		mconf.InsecureSkipVerify = tlsConf.InsecureSkipVerify
 		mconf.Certificates = make([]*mint.Certificate, len(tlsConf.Certificates))
+		mconf.VerifyPeerCertificate = tlsConf.VerifyPeerCertificate
 		for i, certChain := range tlsConf.Certificates {
 			mconf.Certificates[i] = &mint.Certificate{
 				Chain:      make([]*x509.Certificate, len(certChain.Certificate)),
--- a/mint_utils_test.go
+++ b/mint_utils_test.go
@@ -3,6 +3,8 @@ package quic
 import (
 	"bytes"
 	"crypto/tls"
+	"crypto/x509"
+	"errors"

 	"github.com/lucas-clemente/quic-go/internal/crypto"
 	"github.com/lucas-clemente/quic-go/internal/protocol"
@@ -42,20 +44,6 @@ var _ = Describe("Packing and unpacking Initial packets", func() {
 			Expect(mintConf.NonBlocking).To(BeTrue())
 		})

-		It("sets the server name", func() {
-			conf := &tls.Config{ServerName: "www.example.com"}
-			mintConf, err := tlsToMintConfig(conf, protocol.PerspectiveClient)
-			Expect(err).ToNot(HaveOccurred())
-			Expect(mintConf.ServerName).To(Equal("www.example.com"))
-		})
-
-		It("sets InsecureSkipVerify", func() {
-			conf := &tls.Config{InsecureSkipVerify: true}
-			mintConf, err := tlsToMintConfig(conf, protocol.PerspectiveClient)
-			Expect(err).ToNot(HaveOccurred())
-			Expect(mintConf.InsecureSkipVerify).To(BeTrue())
-		})
-
 		It("sets the certificate chain", func() {
 			tlsConf := testdata.GetTLSConfig()
 			mintConf, err := tlsToMintConfig(tlsConf, protocol.PerspectiveClient)
@@ -64,6 +52,22 @@ var _ = Describe("Packing and unpacking Initial packets", func() {
 			Expect(mintConf.Certificates).To(HaveLen(len(tlsConf.Certificates)))
 		})

+		It("copies values from the tls.Config", func() {
+			verifyErr := errors.New("test err")
+			tlsConf := &tls.Config{
+				ServerName:         "www.example.com",
+				InsecureSkipVerify: true,
+				VerifyPeerCertificate: func(_ [][]byte, _ [][]*x509.Certificate) error {
+					return verifyErr
+				},
+			}
+			mintConf, err := tlsToMintConfig(tlsConf, protocol.PerspectiveClient)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(mintConf.ServerName).To(Equal("www.example.com"))
+			Expect(mintConf.InsecureSkipVerify).To(BeTrue())
+			Expect(mintConf.VerifyPeerCertificate(nil, nil)).To(MatchError(verifyErr))
+		})
+
 		It("requires client authentication", func() {
 			mintConf, err := tlsToMintConfig(nil, protocol.PerspectiveClient)
 			Expect(err).ToNot(HaveOccurred())