MCPcopy
hub / github.com/grpc/grpc-go / buildGetCertificates

Function buildGetCertificates

security/advancedtls/sni.go:28–51  ·  view source on GitHub ↗

buildGetCertificates returns the certificate that matches the SNI field for the given ClientHelloInfo, defaulting to the first element of o.GetCertificates.

(clientHello *tls.ClientHelloInfo, o *Options)

Source from the content-addressed store, hash-verified

26// buildGetCertificates returns the certificate that matches the SNI field
27// for the given ClientHelloInfo, defaulting to the first element of o.GetCertificates.
28func buildGetCertificates(clientHello *tls.ClientHelloInfo, o *Options) (*tls.Certificate, error) {
29 if o.IdentityOptions.GetIdentityCertificatesForServer == nil {
30 return nil, fmt.Errorf("function GetCertificates must be specified")
31 }
32 certificates, err := o.IdentityOptions.GetIdentityCertificatesForServer(clientHello)
33 if err != nil {
34 return nil, err
35 }
36 if len(certificates) == 0 {
37 return nil, fmt.Errorf("no certificates configured")
38 }
39 // If users pass in only one certificate, return that certificate.
40 if len(certificates) == 1 {
41 return certificates[0], nil
42 }
43 // Choose the SNI certificate using SupportsCertificate.
44 for _, cert := range certificates {
45 if err := clientHello.SupportsCertificate(cert); err == nil {
46 return cert, nil
47 }
48 }
49 // If nothing matches, return the first certificate.
50 return certificates[0], nil
51}

Callers 1

serverConfigMethod · 0.85

Calls 1

ErrorfMethod · 0.65

Tested by

no test coverage detected