tls: Set a GetCertificate callback in the tls.Config (#2404)

A tls.Config must have Certificates or GetCertificate set, in order to be accepted by tls.Listen and quic.Listen.

tls: Set a GetCertificate callback in the tls.Config (#2404)
A tls.Config must have Certificates or GetCertificate set, in order to be accepted by tls.Listen and quic.Listen.
e14328b7 · Marten Seemann · Matt Holt · f5aaa471 · e14328b7
Commit e14328b7 authored Jan 14, 2019 by Marten Seemann Committed by Matt Holt Jan 13, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

caddytls/config.go caddytls/config.go +7 -0

No files found.
--- a/caddytls/config.go
+++ b/caddytls/config.go
@@ -269,6 +269,13 @@ func MakeTLSConfig(configs []*Config) (*tls.Config, error) {
 	}
 	return &tls.Config{
+		// A tls.Config must have Certificates or GetCertificate
+		// set, in order to be accepted by tls.Listen and quic.Listen.
+		// TODO: remove this once the standard library allows a tls.Config with
+		// only GetConfigForClient set.
+		GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
+			return nil, fmt.Errorf("all certificates configured via GetConfigForClient")
+		},
 		GetConfigForClient: configMap.GetConfigForClient,
 	}, nil
 }