hub / github.com/XTLS/REALITY / getCertificate

Method getCertificate

common.go:1296–1337  ·  view source on GitHub ↗

getCertificate returns the best certificate for the given ClientHelloInfo, defaulting to the first element of c.Certificates.

(clientHello *ClientHelloInfo)


// getCertificate returns the best certificate for the given ClientHelloInfo,
// defaulting to the first element of c.Certificates.
//
// Selection order:
//  1. c.GetCertificate, when it is set and either no static certificates
//     are configured or the client sent a server name. A (nil, nil) result
//     from the callback falls through to the static certificates.
//  2. The sole entry of c.Certificates, when there is exactly one.
//  3. c.NameToCertificate, first by the lower-cased server name and then by
//     a wildcard name in which only the leftmost label is replaced by "*".
//  4. The first entry of c.Certificates for which
//     clientHello.SupportsCertificate returns nil.
//  5. c.Certificates[0].
//
// It returns errNoCertificates when the callback yields nothing and
// c.Certificates is empty.
//
// clientHello.ServerName is taken from the client's hello and is therefore
// peer-controlled. Steps 2 and 5 never reject on it: a hello with an
// unknown or empty server name still receives a certificate, so selection
// here is not a name-based access check.
func (c *Config) getCertificate(clientHello *ClientHelloInfo) (*Certificate, error) {
	// clientHello is dereferenced here only when a callback is set and
	// static certificates exist as well.
	if c.GetCertificate != nil {
		if len(c.Certificates) == 0 || clientHello.ServerName != "" {
			dynamic, err := c.GetCertificate(clientHello)
			if dynamic != nil || err != nil {
				return dynamic, err
			}
		}
	}

	switch len(c.Certificates) {
	case 0:
		return nil, errNoCertificates
	case 1:
		// There's only one choice, so no point doing any work.
		return &c.Certificates[0], nil
	}

	if c.NameToCertificate != nil {
		sni := strings.ToLower(clientHello.ServerName)
		if exact, found := c.NameToCertificate[sni]; found {
			return exact, nil
		}
		if sni != "" {
			// Swap the leftmost label for "*"; a name without a dot
			// becomes just "*".
			pattern := "*"
			if dot := strings.IndexByte(sni, '.'); dot >= 0 {
				pattern += sni[dot:]
			}
			if wild, found := c.NameToCertificate[pattern]; found {
				return wild, nil
			}
		}
	}

	for i := range c.Certificates {
		// Work on a copy: the pointer returned from this loop does not
		// alias c.Certificates, unlike the single-certificate and
		// fallback returns. Only nil versus non-nil of the
		// SupportsCertificate result is used; the error itself is dropped.
		candidate := c.Certificates[i]
		if clientHello.SupportsCertificate(&candidate) == nil {
			return &candidate, nil
		}
	}

	// If nothing matches, return the first certificate.
	return &c.Certificates[0], nil
}
1338
1339// SupportsCertificate returns nil if the provided certificate is supported by
1340// the client that sent the ClientHello. Otherwise, it returns an error

Callers 2

pickCertificateMethod · 0.80
processClientHelloMethod · 0.80

Calls 1

SupportsCertificateMethod · 0.45

Tested by

no test coverage detected