From ef286afa3ce3be17bfa81d3455c784934512321a Mon Sep 17 00:00:00 2001 From: jared2501 Date: Sun, 15 Apr 2018 01:59:02 -0700 Subject: [PATCH] copy RootCAs to mint config (#1291) --- mint_utils.go | 1 + mint_utils_test.go | 3 +++ 2 files changed, 4 insertions(+) diff --git a/mint_utils.go b/mint_utils.go index 2d56490c8..b32a09057 100644 --- a/mint_utils.go +++ b/mint_utils.go @@ -77,6 +77,7 @@ func tlsToMintConfig(tlsConf *tls.Config, pers protocol.Perspective) (*mint.Conf mconf.ServerName = tlsConf.ServerName mconf.InsecureSkipVerify = tlsConf.InsecureSkipVerify mconf.Certificates = make([]*mint.Certificate, len(tlsConf.Certificates)) + mconf.RootCAs = tlsConf.RootCAs mconf.VerifyPeerCertificate = tlsConf.VerifyPeerCertificate for i, certChain := range tlsConf.Certificates { mconf.Certificates[i] = &mint.Certificate{ diff --git a/mint_utils_test.go b/mint_utils_test.go index 42f4c0b5f..5424277df 100644 --- a/mint_utils_test.go +++ b/mint_utils_test.go @@ -55,7 +55,9 @@ var _ = Describe("Packing and unpacking Initial packets", func() { It("copies values from the tls.Config", func() { verifyErr := errors.New("test err") + certPool := &x509.CertPool{} tlsConf := &tls.Config{ + RootCAs: certPool, ServerName: "www.example.com", InsecureSkipVerify: true, VerifyPeerCertificate: func(_ [][]byte, _ [][]*x509.Certificate) error { @@ -64,6 +66,7 @@ var _ = Describe("Packing and unpacking Initial packets", func() { } mintConf, err := tlsToMintConfig(tlsConf, protocol.PerspectiveClient) Expect(err).ToNot(HaveOccurred()) + Expect(mintConf.RootCAs).To(Equal(certPool)) Expect(mintConf.ServerName).To(Equal("www.example.com")) Expect(mintConf.InsecureSkipVerify).To(BeTrue()) Expect(mintConf.VerifyPeerCertificate(nil, nil)).To(MatchError(verifyErr))