crypto/tls: Config.GetConfigForClient is not sufficient for Listen #29139

marten-seemann opened this issue Dec 7, 2018 · 3 comments



@marten-seemann marten-seemann commented Dec 7, 2018

What version of Go are you using (go version)?

$ go version
go version go1.11.2 darwin/amd64

What did you do?

Assume that I have a valid tls.Config (with Certificates set), saved in the variable conf.

Then I can start listening on a new connection by running

tls.Listen("tcp", "localhost:0", conf)

Now I want to build a more sophisticated tls.Config, which in the simplest case takes the following form

c := &tls.Config{
	GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) {
		return conf, nil
	},
}

tls.Listen("tcp", "localhost:0", c)

returns tls: neither Certificates nor GetCertificate set in Config.

What did you expect to see?

tls.Listen should accept a tls.Config that has GetConfigForClient set, even if Certificates and GetCertificate are not set.
It should use the tls.Config returned by that callback, and close the connection with an error in case the returned tls.Config is nil or doesn't have any certificate configured, depending on the SNI.

What did you see instead?

tls.Listen didn't accept the tls.Config and returned an error.



@agnivade agnivade commented Dec 8, 2018

@bcmills bcmills added this to the Go1.13 milestone Dec 19, 2018
@andybons andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019


@FiloSottile FiloSottile commented Oct 1, 2019

Yep, see also #18377. Will fix.

@rsc rsc modified the milestones: Go1.14, Backlog Oct 9, 2019
@FiloSottile FiloSottile modified the milestones: Backlog, Go1.14 Oct 23, 2019


@gopherbot gopherbot commented Nov 3, 2019

Change mentions this issue: crypto/tls: select only compatible chains from Certificates

@gopherbot gopherbot closed this in eb93c68 Nov 12, 2019
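
The behaviour requested in the report, as an added example that is not part of the original thread or of the Go project's code: a listener whose Config sets only GetConfigForClient, which serves conf for one SNI and fails closed for any other. It assumes a Go release that includes the fix this issue was closed with (milestone Go1.14); the handshake helper, the a.example and b.example names and the throwaway certificate are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// handshake (hypothetical helper) dials a GetConfigForClient-only listener with the given SNI.
func handshake(sni string) error {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed throwaway key and cert
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"a.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	conf := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	srv := &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		if h.ServerName != "a.example" {
			return nil, fmt.Errorf("no config for SNI %q", h.ServerName) // fail closed: handshake aborts
		}
		return conf, nil
	}}
	ln, err := tls.Listen("tcp", "localhost:0", srv) // the call that returned the reported error
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake() // runs GetConfigForClient on the ClientHello
			c.Close()
		}
	}()
	roots := x509.NewCertPool()
	roots.AddCert(leaf) // the client trusts only the constructed certificate
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{ServerName: sni, RootCAs: roots})
	if err == nil {
		conn.Close()
	}
	return err
}

func main() { fmt.Println(handshake("a.example"), handshake("b.example")) }
```

Returning an error from the callback for an unrecognised SNI aborts the handshake, so no certificate is ever presented to a client the server has no configuration for.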