mirrors/uquic
1
0
Fork 0
mirror of https://github.com/refraction-networking/uquic.git synced 2025-04-05 05:07:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

set a net.Conn for tls.ClientHelloInfo.Conn used by GetCertificate (#4014)

Browse source
This commit is contained in:
Marten Seemann 2023-08-03 20:33:19 -04:00 committed by GitHub
parent f9f6b9df6e
commit 18d3846d4f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

26
integrationtests/self/handshake_test.go
View file

@ -140,7 +140,7 @@ var _ = Describe("Handshake tests", func() {
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
}) })
It("has the right local and remote address on the ClientHelloInfo.Conn", func() { It("has the right local and remote address on the tls.Config.GetConfigForClient ClientHelloInfo.Conn", func() {
var local, remote net.Addr var local, remote net.Addr
done := make(chan struct{}) done := make(chan struct{})
tlsConf := &tls.Config{ tlsConf := &tls.Config{
@ -164,6 +164,30 @@ var _ = Describe("Handshake tests", func() {
Expect(conn.LocalAddr().(*net.UDPAddr).Port).To(Equal(remote.(*net.UDPAddr).Port)) Expect(conn.LocalAddr().(*net.UDPAddr).Port).To(Equal(remote.(*net.UDPAddr).Port))
}) })
It("has the right local and remote address on the tls.Config.GetCertificate ClientHelloInfo.Conn", func() {
var local, remote net.Addr
done := make(chan struct{})
tlsConf := getTLSConfig()
tlsConf.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
defer close(done)
local = info.Conn.LocalAddr()
remote = info.Conn.RemoteAddr()
cert := tlsConf.Certificates[0]
return &cert, nil
}
runServer(tlsConf)
conn, err := quic.DialAddr(
context.Background(),
fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port),
getTLSClientConfig(),
getQuicConfig(nil),
)
Expect(err).ToNot(HaveOccurred())
Eventually(done).Should(BeClosed())
Expect(server.Addr()).To(Equal(local))
Expect(conn.LocalAddr().(*net.UDPAddr).Port).To(Equal(remote.(*net.UDPAddr).Port))
})
It("works with a long certificate chain", func() { It("works with a long certificate chain", func() {
runServer(getTLSConfigWithLongCertChain()) runServer(getTLSConfigWithLongCertChain())
_, err := quic.DialAddr( _, err := quic.DialAddr(

7
internal/handshake/crypto_setup.go
View file

@ -134,6 +134,13 @@ func NewCryptoSetupServer(
return gcfc(info) return gcfc(info)
} }
} }
if quicConf.TLSConfig.GetCertificate != nil {
gc := quicConf.TLSConfig.GetCertificate
quicConf.TLSConfig.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
info.Conn = &conn{localAddr: localAddr, remoteAddr: remoteAddr}
return gc(info)
}
}
cs.tlsConf = quicConf.TLSConfig cs.tlsConf = quicConf.TLSConfig
cs.conn = qtls.QUICServer(quicConf) cs.conn = qtls.QUICServer(quicConf)