getCertificate returns the best certificate for the given ClientHelloInfo, defaulting to the first element of c.Certificates.
(clientHello *ClientHelloInfo)
// getCertificate picks the certificate to present for clientHello.
//
// Selection order:
//  1. c.GetCertificate, consulted only when it is set and either no static
//     certificates are configured or the client sent a server name. A
//     (nil, nil) result from the callback falls through to the steps below.
//  2. errNoCertificates when c.Certificates is empty.
//  3. The sole entry when c.Certificates has exactly one element; it is
//     returned without a SupportsCertificate check.
//  4. c.NameToCertificate, looked up by the lowercased server name and then
//     by that name with its leftmost label replaced by "*".
//  5. The first entry of c.Certificates that clientHello.SupportsCertificate
//     accepts.
//  6. c.Certificates[0] as the default.
//
// A nil error therefore does not mean the certificate matches the requested
// server name: steps 3 and 6 return a certificate regardless of what the
// client asked for.
func (c *Config) getCertificate(clientHello *ClientHelloInfo) (*Certificate, error) {
	// ServerName is supplied by the peer in its hello message. Here it only
	// gates the callback and serves as a map key further down.
	if c.GetCertificate != nil && (len(c.Certificates) == 0 || clientHello.ServerName != "") {
		dynamic, err := c.GetCertificate(clientHello)
		if dynamic != nil || err != nil {
			return dynamic, err
		}
		// The callback declined with (nil, nil): continue with the static set.
	}

	switch len(c.Certificates) {
	case 0:
		return nil, errNoCertificates
	case 1:
		// Only one candidate, so it is returned without any further checks.
		return &c.Certificates[0], nil
	}

	if byName := c.NameToCertificate; byName != nil {
		host := strings.ToLower(clientHello.ServerName)
		if exact, found := byName[host]; found {
			return exact, nil
		}
		if host != "" {
			// Replace only the leftmost label with "*". A name that contains
			// no dot collapses to the bare key "*".
			wildcard := "*"
			if dot := strings.IndexByte(host, '.'); dot >= 0 {
				wildcard += host[dot:]
			}
			if match, found := byName[wildcard]; found {
				return match, nil
			}
		}
	}

	for _, candidate := range c.Certificates {
		// candidate is a copy of the slice element, so the pointer returned
		// from this loop refers to that copy and not to c.Certificates itself
		// (unlike the single-entry and default returns).
		if clientHello.SupportsCertificate(&candidate) == nil {
			return &candidate, nil
		}
	}

	// Nothing was accepted: fall back to the first configured certificate
	// instead of failing.
	return &c.Certificates[0], nil
}
| 1338 | |
| 1339 | // SupportsCertificate returns nil if the provided certificate is supported by |
| 1340 | // the client that sent the ClientHello. Otherwise, it returns an error |