3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-12-31 23:22:38 +01:00

populate (tls.Certificate).Leaf

This commit is contained in:
Shivaram Lingamneni 2021-04-07 22:35:54 -04:00
parent 2e3e4f72ba
commit f9c1a00b91

View File

@ -8,6 +8,7 @@ package irc
import ( import (
"bytes" "bytes"
"crypto/tls" "crypto/tls"
"crypto/x509"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@ -846,7 +847,7 @@ func (conf *Config) Operators(oc map[string]*OperClass) (map[string]*Oper, error
} }
func loadTlsConfig(config TLSListenConfig, webSocket bool) (tlsConfig *tls.Config, err error) { func loadTlsConfig(config TLSListenConfig, webSocket bool) (tlsConfig *tls.Config, err error) {
cert, err := tls.LoadX509KeyPair(config.Cert, config.Key) cert, err := loadCertWithLeaf(config.Cert, config.Key)
if err != nil { if err != nil {
return nil, &CertKeyError{Err: err} return nil, &CertKeyError{Err: err}
} }
@ -865,6 +866,20 @@ func loadTlsConfig(config TLSListenConfig, webSocket bool) (tlsConfig *tls.Confi
return &result, nil return &result, nil
} }
func loadCertWithLeaf(certFile, keyFile string) (cert tls.Certificate, err error) {
// LoadX509KeyPair: "On successful return, Certificate.Leaf will be nil because
// the parsed form of the certificate is not retained." tls.Config:
// "Note: if there are multiple Certificates, and they don't have the
// optional field Leaf set, certificate selection will incur a significant
// per-handshake performance cost."
cert, err = tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return
}
cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])
return
}
// prepareListeners populates Config.Server.trueListeners // prepareListeners populates Config.Server.trueListeners
func (conf *Config) prepareListeners() (err error) { func (conf *Config) prepareListeners() (err error) {
if len(conf.Server.Listeners) == 0 { if len(conf.Server.Listeners) == 0 {