mirror of https://github.com/ergochat/ergo.git synced 2024-11-10 22:19:31 +01:00

work around a chrome bug

Shivaram Lingamneni 2020-05-05 04:07:57 -04:00
parent 620e30293d
commit 4ef6c58317


@ -743,14 +743,22 @@ func (conf *Config) Operators(oc map[string]*OperClass) (map[string]*Oper, error
return operators, nil return operators, nil
} }
func loadTlsConfig(config TLSListenConfig) (tlsConfig *tls.Config, err error) { func loadTlsConfig(config TLSListenConfig, webSocket bool) (tlsConfig *tls.Config, err error) {
cert, err := tls.LoadX509KeyPair(config.Cert, config.Key) cert, err := tls.LoadX509KeyPair(config.Cert, config.Key)
if err != nil { if err != nil {
return nil, ErrInvalidCertKeyPair return nil, ErrInvalidCertKeyPair
} }
clientAuth := tls.RequestClientCert
if webSocket {
// if Chrome receives a server request for a client certificate
// on a websocket connection, it will immediately disconnect:
// https://bugs.chromium.org/p/chromium/issues/detail?id=329884
// work around this behavior:
clientAuth = tls.NoClientCert
}
result := tls.Config{ result := tls.Config{
Certificates: []tls.Certificate{cert}, Certificates: []tls.Certificate{cert},
ClientAuth: tls.RequestClientCert, ClientAuth: clientAuth,
} }
return &result, nil return &result, nil
} }
@ -771,7 +779,7 @@ func (conf *Config) prepareListeners() (err error) {
return fmt.Errorf("%s is configured as a STS-only listener, but STS is disabled", addr) return fmt.Errorf("%s is configured as a STS-only listener, but STS is disabled", addr)
} }
if block.TLS.Cert != "" { if block.TLS.Cert != "" {
tlsConfig, err := loadTlsConfig(block.TLS) tlsConfig, err := loadTlsConfig(block.TLS, block.WebSocket)
if err != nil { if err != nil {
return err return err
} }
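Review bot: In loadTlsConfig, the new `clientAuth = tls.NoClientCert` branch means a WebSocket listener never asks for a client certificate, so any code that later reads the peer certificate on those connections (certificate-fingerprint authentication, if this server offers it) will silently find none. That trade-off is recorded only in the inline comment about the Chrome bug; I would add a doc comment on the function, e.g. `// loadTlsConfig builds the listener's tls.Config; when webSocket is true no client certificate is requested, so certificate-based authentication is unavailable on that listener.`, and state the same limitation wherever listener options are documented. Separately, the non-WebSocket path keeps `tls.RequestClientCert`, which requests a certificate but does not verify it against any CA, so it is worth confirming that every consumer treats the presented certificate as unverified input.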