From e16131b39171ea863ea1557d2b6e1573b9f6b4d0 Mon Sep 17 00:00:00 2001
From: Marten Seemann
Date: Fri, 2 Feb 2018 11:01:34 +0800
Subject: [PATCH] copy VerifyPeerCertificate from the tls.Config to the mint.Config
---
 mint_utils.go | 1 +
 mint_utils_test.go | 32 ++++++++++++++++++--------------
 2 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/mint_utils.go b/mint_utils.go
index 7c023a94e..578aecca9 100644
--- a/mint_utils.go
+++ b/mint_utils.go
@@ -76,6 +76,7 @@ func tlsToMintConfig(tlsConf *tls.Config, pers protocol.Perspective) (*mint.Conf
 mconf.ServerName = tlsConf.ServerName
 mconf.InsecureSkipVerify = tlsConf.InsecureSkipVerify
 mconf.Certificates = make([]*mint.Certificate, len(tlsConf.Certificates))
+ mconf.VerifyPeerCertificate = tlsConf.VerifyPeerCertificate
 for i, certChain := range tlsConf.Certificates {
 mconf.Certificates[i] = &mint.Certificate{
 Chain: make([]*x509.Certificate, len(certChain.Certificate)),
diff --git a/mint_utils_test.go b/mint_utils_test.go
index ecf9d5163..bec11c420 100644
--- a/mint_utils_test.go
+++ b/mint_utils_test.go
@@ -3,6 +3,8 @@ package quic
 import (
 "bytes"
 "crypto/tls"
+ "crypto/x509"
+ "errors"
 "github.com/lucas-clemente/quic-go/internal/crypto"
 "github.com/lucas-clemente/quic-go/internal/protocol"
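Review bot: The added `mconf.VerifyPeerCertificate = tlsConf.VerifyPeerCertificate` line in mint_utils.go forwards the callback, but nothing visible here establishes that mint invokes it under the crypto/tls contract: after built-in verification, and still invoked (with `verifiedChains` nil) when `InsecureSkipVerify` is true. Callers that pin certificates through this callback while setting `InsecureSkipVerify: true` depend on that second part, so I would confirm it against mint and record it in a comment such as `// forwarded as-is; mint must call this even when InsecureSkipVerify is set, as crypto/tls does`. The assignment also sits between the `make` for `mconf.Certificates` and the loop that fills it; placing it next to the `ServerName` and `InsecureSkipVerify` copies would keep allocation and population together. tlsToMintConfig starts and ends outside the hunk.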
@@ -42,20 +44,6 @@ var _ = Describe("Packing and unpacking Initial packets", func() {
 Expect(mintConf.NonBlocking).To(BeTrue())
 })
- It("sets the server name", func() {
- conf := &tls.Config{ServerName: "www.example.com"}
- mintConf, err := tlsToMintConfig(conf, protocol.PerspectiveClient)
- Expect(err).ToNot(HaveOccurred())
- Expect(mintConf.ServerName).To(Equal("www.example.com"))
- })
-
- It("sets InsecureSkipVerify", func() {
- conf := &tls.Config{InsecureSkipVerify: true}
- mintConf, err := tlsToMintConfig(conf, protocol.PerspectiveClient)
- Expect(err).ToNot(HaveOccurred())
- Expect(mintConf.InsecureSkipVerify).To(BeTrue())
- })
-
 It("sets the certificate chain", func() {
 tlsConf := testdata.GetTLSConfig()
 mintConf, err := tlsToMintConfig(tlsConf, protocol.PerspectiveClient)
@@ -64,6 +52,22 @@ var _ = Describe("Packing and unpacking Initial packets", func() {
 Expect(mintConf.Certificates).To(HaveLen(len(tlsConf.Certificates)))
 })
+ It("copies values from the tls.Config", func() {
+ verifyErr := errors.New("test err")
+ tlsConf := &tls.Config{
+ ServerName: "www.example.com",
+ InsecureSkipVerify: true,
+ VerifyPeerCertificate: func(_ [][]byte, _ [][]*x509.Certificate) error {
+ return verifyErr
+ },
+ }
+ mintConf, err := tlsToMintConfig(tlsConf, protocol.PerspectiveClient)
+ Expect(err).ToNot(HaveOccurred())
+ Expect(mintConf.ServerName).To(Equal("www.example.com"))
+ Expect(mintConf.InsecureSkipVerify).To(BeTrue())
+ Expect(mintConf.VerifyPeerCertificate(nil, nil)).To(MatchError(verifyErr))
+ })
+
 It("requires client authentication", func() {
 mintConf, err := tlsToMintConfig(nil, protocol.PerspectiveClient)
 Expect(err).ToNot(HaveOccurred())
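Review bot: The new `copies values from the tls.Config` spec in the last hunk only proves that the function value is copied, because it calls `mintConf.VerifyPeerCertificate(nil, nil)` directly; it does not show that a handshake is aborted when the callback returns an error. Since this callback is commonly the place where pinning or extra peer checks live, an end-to-end spec in which the callback rejects the peer and the connection fails would protect the behaviour users actually rely on, including the case where `InsecureSkipVerify` is also true as it is here. Folding the ServerName and InsecureSkipVerify assertions into the same `It` also means the first failing `Expect` hides the others; keeping one spec per field would give clearer failures.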