buildGetCertificates returns the certificate that matches the SNI field for the given ClientHelloInfo, defaulting to the first element of o.GetCertificates.
(clientHello *tls.ClientHelloInfo, o *Options)
// buildGetCertificates selects the server identity certificate for a handshake.
//
// It obtains the candidate certificates from
// o.IdentityOptions.GetIdentityCertificatesForServer and returns the first one
// that clientHello.SupportsCertificate accepts. When there is exactly one
// candidate, or when no candidate is accepted, the first candidate is returned
// without a successful match, so the certificate handed back is not guaranteed
// to be one that SupportsCertificate approves for this ClientHello.
//
// An error is returned when the callback is unset, when the callback itself
// fails, or when it yields no certificates.
func buildGetCertificates(clientHello *tls.ClientHelloInfo, o *Options) (*tls.Certificate, error) {
	getCerts := o.IdentityOptions.GetIdentityCertificatesForServer
	if getCerts == nil {
		// The message says GetCertificates, but the field checked here is
		// GetIdentityCertificatesForServer.
		return nil, fmt.Errorf("function GetCertificates must be specified")
	}

	candidates, err := getCerts(clientHello)
	switch {
	case err != nil:
		return nil, err
	case len(candidates) == 0:
		return nil, fmt.Errorf("no certificates configured")
	}

	// A lone candidate is returned directly and never passed to
	// SupportsCertificate; matching is attempted only when there is a choice.
	if len(candidates) > 1 {
		for i := range candidates {
			if clientHello.SupportsCertificate(candidates[i]) == nil {
				return candidates[i], nil
			}
		}
	}

	// Fallback: nothing matched (or there was only one candidate), so the
	// first certificate is used.
	return candidates[0], nil
}