Init expected cert data only once

grepplabs · Sep 18, 2020 · 3c385ba · 3c385ba
1 parent 7ce2980
commit 3c385ba
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/proxy/tls.go b/proxy/tls.go
@@ -145,11 +145,10 @@ func newTLSListenerConfig(conf *config.Config) (*tls.Config, error) {
 }
 
 func tlsClientCertVerificationFunc(conf *config.Config) func([][]byte, [][]*x509.Certificate) error {
+	expectedData := getClientCertExpectedData(conf)
 	return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
 		if conf.Proxy.TLS.ClientCert.ValidateSubject {
 
-			expectedData := getClientCertExpectedData(conf)
-
 			if len(expectedData.fields) == 0 {
 				return nil // nothing to validate
 			}