set a net.Conn for tls.ClientHelloInfo.Conn used by GetCertificate (#4014)

2025-04-03 20:27:35 +03:00 · 2023-08-03 20:33:19 -04:00 · 2023-08-03 20:33:19 -04:00 · 18d3846d4f
commit 18d3846d4f
parent f9f6b9df6e
2 changed files with 32 additions and 1 deletions
--- a/integrationtests/self/handshake_test.go
+++ b/integrationtests/self/handshake_test.go
@ -140,7 +140,7 @@ var _ = Describe("Handshake tests", func() {
 			Expect(err).ToNot(HaveOccurred())
 		})

-		It("has the right local and remote address on the ClientHelloInfo.Conn", func() {
+		It("has the right local and remote address on the tls.Config.GetConfigForClient ClientHelloInfo.Conn", func() {
 			var local, remote net.Addr
 			done := make(chan struct{})
 			tlsConf := &tls.Config{
@ -164,6 +164,30 @@ var _ = Describe("Handshake tests", func() {
 			Expect(conn.LocalAddr().(*net.UDPAddr).Port).To(Equal(remote.(*net.UDPAddr).Port))
 		})

+		It("has the right local and remote address on the tls.Config.GetCertificate ClientHelloInfo.Conn", func() {
+			var local, remote net.Addr
+			done := make(chan struct{})
+			tlsConf := getTLSConfig()
+			tlsConf.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
+				defer close(done)
+				local = info.Conn.LocalAddr()
+				remote = info.Conn.RemoteAddr()
+				cert := tlsConf.Certificates[0]
+				return &cert, nil
+			}
+			runServer(tlsConf)
+			conn, err := quic.DialAddr(
+				context.Background(),
+				fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port),
+				getTLSClientConfig(),
+				getQuicConfig(nil),
+			)
+			Expect(err).ToNot(HaveOccurred())
+			Eventually(done).Should(BeClosed())
+			Expect(server.Addr()).To(Equal(local))
+			Expect(conn.LocalAddr().(*net.UDPAddr).Port).To(Equal(remote.(*net.UDPAddr).Port))
+		})
+
 		It("works with a long certificate chain", func() {
 			runServer(getTLSConfigWithLongCertChain())
 			_, err := quic.DialAddr(