crypto/tls: Config.GetConfigForClient is not sufficient for Listen #29139

marten-seemann opened this issue Dec 7, 2018 · 1 comment



What version of Go are you using (go version)?

$ go version
go version go1.11.2 darwin/amd64

What did you do?

Assume that I have a valid tls.Config (with Certificates set), saved in the variable conf.

Then I can start listening on a new connection by running

tls.Listen("tcp", "localhost:0", conf)

Now I want to build a more sophisticated tls.Config, which in the simplest case takes the following form

c := &tls.Config{
	GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) {
		return conf, nil
	},
}

tls.Listen("tcp", "localhost:0", c)

returns tls: neither Certificates nor GetCertificate set in Config.

What did you expect to see?

tls.Listen should accept a tls.Config that has GetConfigForClient set, even if Certificates and GetCertificate are not set.
It should use the tls.Config returned by that callback, and close the connection with an error in case the returned tls.Config is nil or doesn't have any certificate configured, depending on the SNI.

What did you see instead?

tls.Listen didn't accept the tls.Config and returned an error.
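
A workaround for the behaviour reported above, as an added example that is not part of the original issue or of the Go project's code: tls.NewListener wraps an existing net.Listener and does not validate the Config when it is created, so a Config that carries only GetConfigForClient is accepted and the callback is consulted on each handshake. The function name serveOnce, the throwaway Ed25519 certificate for "localhost", and the use of http.Serve as the accept loop are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"time"
)

// serveOnce handshakes through a Config that sets only GetConfigForClient; returns the SNI it saw.
func serveOnce() (string, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed throwaway key
	if err != nil {
		return "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return "", err
	}
	pool := x509.NewCertPool() // the client trusts exactly this self-signed certificate
	pool.AppendCertsFromPEM(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
	conf := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: priv}}}
	sni := make(chan string, 1)
	c := &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		sni <- h.ServerName
		return conf, nil // same shape as the callback in the issue
	}}
	tcp, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	ln := tls.NewListener(tcp, c) // wraps the TCP listener; c is consulted per handshake
	defer ln.Close()
	go http.Serve(ln, nil) // any accept loop works; this one performs the server handshake
	client, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "localhost"})
	if err != nil {
		return "", err
	}
	return <-sni, client.Close()
}

func main() { fmt.Println(serveOnce()) }
```

Because nothing is checked when the listener is created, a callback that returns a Config without a usable certificate only surfaces as a handshake failure on the affected connection.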



bcmills added this to the Go1.13 milestone Dec 19, 2018

andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019
