-
Notifications
You must be signed in to change notification settings - Fork 1
/
mint_utils.go
52 lines (49 loc) · 1.46 KB
/
mint_utils.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
package quic
import (
gocrypto "crypto"
"crypto/tls"
"crypto/x509"
"errors"
"github.com/bifurcation/mint"
"github.com/ipsn/go-ipfs/gxlibs/github.com/lucas-clemente/quic-go/internal/protocol"
)
func tlsToMintConfig(tlsConf *tls.Config, pers protocol.Perspective) (*mint.Config, error) {
mconf := &mint.Config{
NonBlocking: true,
CipherSuites: []mint.CipherSuite{
mint.TLS_AES_128_GCM_SHA256,
mint.TLS_AES_256_GCM_SHA384,
},
}
if tlsConf != nil {
mconf.ServerName = tlsConf.ServerName
mconf.InsecureSkipVerify = tlsConf.InsecureSkipVerify
mconf.Certificates = make([]*mint.Certificate, len(tlsConf.Certificates))
mconf.RootCAs = tlsConf.RootCAs
mconf.VerifyPeerCertificate = tlsConf.VerifyPeerCertificate
for i, certChain := range tlsConf.Certificates {
mconf.Certificates[i] = &mint.Certificate{
Chain: make([]*x509.Certificate, len(certChain.Certificate)),
PrivateKey: certChain.PrivateKey.(gocrypto.Signer),
}
for j, cert := range certChain.Certificate {
c, err := x509.ParseCertificate(cert)
if err != nil {
return nil, err
}
mconf.Certificates[i].Chain[j] = c
}
}
switch tlsConf.ClientAuth {
case tls.NoClientCert:
case tls.RequireAnyClientCert:
mconf.RequireClientAuth = true
default:
return nil, errors.New("mint currently only support ClientAuthType RequireAnyClientCert")
}
}
if err := mconf.Init(pers == protocol.PerspectiveClient); err != nil {
return nil, err
}
return mconf, nil
}