mirror of
https://github.com/ergochat/ergo.git
synced 2024-11-22 11:59:40 +01:00
work around a chrome bug
This commit is contained in:
parent
620e30293d
commit
4ef6c58317
@ -743,14 +743,22 @@ func (conf *Config) Operators(oc map[string]*OperClass) (map[string]*Oper, error
|
||||
return operators, nil
|
||||
}
|
||||
|
||||
func loadTlsConfig(config TLSListenConfig) (tlsConfig *tls.Config, err error) {
|
||||
func loadTlsConfig(config TLSListenConfig, webSocket bool) (tlsConfig *tls.Config, err error) {
|
||||
cert, err := tls.LoadX509KeyPair(config.Cert, config.Key)
|
||||
if err != nil {
|
||||
return nil, ErrInvalidCertKeyPair
|
||||
}
|
||||
clientAuth := tls.RequestClientCert
|
||||
if webSocket {
|
||||
// if Chrome receives a server request for a client certificate
|
||||
// on a websocket connection, it will immediately disconnect:
|
||||
// https://bugs.chromium.org/p/chromium/issues/detail?id=329884
|
||||
// work around this behavior:
|
||||
clientAuth = tls.NoClientCert
|
||||
}
|
||||
result := tls.Config{
|
||||
Certificates: []tls.Certificate{cert},
|
||||
ClientAuth: tls.RequestClientCert,
|
||||
ClientAuth: clientAuth,
|
||||
}
|
||||
return &result, nil
|
||||
}
|
||||
@ -771,7 +779,7 @@ func (conf *Config) prepareListeners() (err error) {
|
||||
return fmt.Errorf("%s is configured as a STS-only listener, but STS is disabled", addr)
|
||||
}
|
||||
if block.TLS.Cert != "" {
|
||||
tlsConfig, err := loadTlsConfig(block.TLS)
|
||||
tlsConfig, err := loadTlsConfig(block.TLS, block.WebSocket)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user