crypto/tls: Config.GetConfigForClient is not sufficient for Listen #29139

Open
marten-seemann opened this Issue Dec 7, 2018 · 1 comment

marten-seemann commented Dec 7, 2018

What version of Go are you using (go version)?

$ go version
go version go1.11.2 darwin/amd64

What did you do?

Assume that I have a valid tls.Config (with Certificates set), saved in the variable conf.

Then I can start listening on a new connection by running

tls.Listen("tcp", "localhost:0", conf)

Now I want to build a more sophisticated tls.Config, which in the simplest case takes the following form

c := &tls.Config{
	GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) {
		return conf, nil
	},
}

Now

tls.Listen("tcp", "localhost:0", c)

returns tls: neither Certificates nor GetCertificate set in Config.

What did you expect to see?

tls.Listen should accept a tls.Config that has GetConfigForClient set, even if Certificates and GetCertificate are not set.
It should use the tls.Config returned by that callback, and close the connection with an error in case the returned tls.Config is nil or doesn't have any certificate configured, depending on the SNI.

What did you see instead?

tls.Listen didn't accept the tls.Config and returned an error.
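
The behaviour the report asks for, as an added example that is not part of the original issue or the Go project's code: `tls.NewListener` wraps a plain `net.Listener` without the certificate check that `tls.Listen` applies, so a config that sets only `GetConfigForClient` can be served, and the handshake fails when the returned config carries no certificate. The helpers `must`, `selfSigned` and `handshakeVia`, the loopback address and the throwaway certificate are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned (helper for this example) returns a throwaway "localhost" certificate and a pool that trusts it.
func selfSigned() (tls.Certificate, *x509.CertPool) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"}, NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	pool := x509.NewCertPool()
	pool.AddCert(must(x509.ParseCertificate(der)))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// handshakeVia serves a config that sets only GetConfigForClient and returns the client's handshake error.
func handshakeVia(inner *tls.Config, roots *x509.CertPool) error {
	outer := &tls.Config{GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) { return inner, nil }}
	ln := tls.NewListener(must(net.Listen("tcp", "127.0.0.1:0")), outer) // NewListener does not inspect outer
	defer ln.Close()
	go http.Serve(ln, nil) // the HTTP server runs the TLS handshake on each accepted connection
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: roots, ServerName: "localhost"})
	if err == nil {
		conn.Close()
	}
	return err
}

func main() {
	cert, roots := selfSigned()
	fmt.Println("returned config has a certificate:", handshakeVia(&tls.Config{Certificates: []tls.Certificate{cert}}, roots))
	fmt.Println("returned config has none:", handshakeVia(&tls.Config{}, roots))
}
```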

agnivade commented Dec 8, 2018

This comment has been minimized.