crypto/tls: add GetClientCertificate callback

Currently, the selection of a client certificate is done internally based
on the limitations given by the server's request and the certificates in
the Config. This means that it's not possible for an application to
control that selection based on details of the request.

This change adds a callback, GetClientCertificate, that is called by a
Client during the handshake and which allows applications to select the
best certificate at that time.

(Based on https://golang.org/cl/25570/ by Bernd Fix.)

Fixes #16626.

Change-Id: Ia4cea03235d2aa3c9fd49c99c227593c8e86ddd9
Reviewed-on: https://go-review.googlesource.com/32115
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Adam Langley 2016-10-26 10:05:03 -07:00
parent 97a4987572
commit 0b375e2be0
4 changed files with 287 additions and 73 deletions
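Selecting a client certificate from the details of the server's request, as an added example that is not part of this commit: it assumes the released API shape, `GetClientCertificate func(*CertificateRequestInfo) (*Certificate, error)`, a `CertificateRequestInfo.AcceptableCAs` field holding DER-encoded CA names, and that returning an empty `Certificate` sends no certificate (none of which is shown on this page); `selectClientCertificate` and `selfSigned` are names chosen here, and the two self-signed certificates are constructed fixtures.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selectClientCertificate returns a GetClientCertificate callback that picks the first candidate
// whose issuer is in the server's AcceptableCAs (no list: any candidate); no match sends no cert.
func selectClientCertificate(candidates []tls.Certificate) func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
	return func(cri *tls.CertificateRequestInfo) (*tls.Certificate, error) {
		for i := range candidates {
			leaf, err := x509.ParseCertificate(candidates[i].Certificate[0])
			if err != nil {
				return nil, err
			}
			if len(cri.AcceptableCAs) == 0 {
				return &candidates[i], nil
			}
			for _, ca := range cri.AcceptableCAs {
				if string(leaf.RawIssuer) == string(ca) {
					return &candidates[i], nil
				}
			}
		}
		return &tls.Certificate{}, nil
	}
}

// selfSigned builds a throwaway self-signed certificate (constructed fixture, errors ignored): its issuer equals its subject.
func selfSigned(cn string) tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}
}

func main() {
	certs := []tls.Certificate{selfSigned("Test CA A"), selfSigned("Test CA B")}
	cfg := &tls.Config{GetClientCertificate: selectClientCertificate(certs)}
	chosen, _ := cfg.GetClientCertificate(&tls.CertificateRequestInfo{AcceptableCAs: [][]byte{certs[1].Leaf.RawSubject}})
	fmt.Println("selected:", chosen.Leaf.Subject.CommonName) // selected: Test CA B
}
```

The callback runs once per handshake, so an application can also consult the connection it is serving or rotate candidates without rebuilding the Config.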


@ -584,7 +584,7 @@ func TestClone(t *testing.T) {
case "Rand":
f.Set(reflect.ValueOf(io.Reader(os.Stdin)))
continue
case "Time", "GetCertificate", "GetConfigForClient", "VerifyPeerCertificate":
case "Time", "GetCertificate", "GetConfigForClient", "VerifyPeerCertificate", "GetClientCertificate":
// DeepEqual can't compare functions.
continue
case "Certificates":
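Review bot: adding "GetClientCertificate" to this skip list means TestClone never exercises the new field at all, since the `continue` leaves it unset and excluded from the comparison, so a Clone that silently dropped GetClientCertificate would still pass. Consider assigning a non-nil func to the function-typed fields and asserting the cloned field is non-nil (or comparing the two with `reflect.Value.Pointer()`), so the copy is covered even though DeepEqual can't compare functions.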