

selectCert uses hello to select a certificate from the cache for name. If cfg.CertSelection is set, it will be used to make the decision. Otherwise, the first matching unexpired cert is returned. As a special case, if no certificates match name and cfg.CertSelection is set, then all certificates in the cache will be passed in for the cfg.CertSelection to make the final decision.

(hello *tls.ClientHelloInfo, name string)


184// then all certificates in the cache will be passed in
185// for the cfg.CertSelection to make the final decision.
func (cfg *Config) selectCert(hello *tls.ClientHelloInfo, name string) (Certificate, bool) {
	logger := cfg.Logger.Named("handshake")
	choices := cfg.certCache.getAllMatchingCerts(name)

	if len(choices) == 0 {
		if cfg.CertSelection == nil {
			logger.Debug("no matching certificates and no custom selection logic", zap.String("identifier", name))
			return Certificate{}, false
		}
		// Fallback: a custom selector is handed the whole cache, so it is the
		// one deciding whether a cert that does not match name is acceptable.
		logger.Debug("no matching certificate; will choose from all certificates", zap.String("identifier", name))
		choices = cfg.certCache.getAllCerts()
	}

	logger.Debug("choosing certificate",
		zap.String("identifier", name),
		zap.Int("num_choices", len(choices)))

	// Pick the selector once; both paths then share the same result logging.
	var (
		chosen Certificate
		selErr error
		result string
	)
	if cfg.CertSelection == nil {
		chosen, selErr = DefaultCertificateSelector(hello, choices)
		result = "default certificate selection results"
	} else {
		chosen, selErr = cfg.CertSelection.SelectCertificate(hello, choices)
		result = "custom certificate selection results"
	}

	// A selection error is surfaced only through this debug log; the caller
	// sees just the boolean and whatever the selector returned as the cert.
	logger.Debug(result,
		zap.Error(selErr),
		zap.String("identifier", name),
		zap.Strings("subjects", chosen.Names),
		zap.Bool("managed", chosen.managed),
		zap.String("issuer_key", chosen.issuerKey),
		zap.String("hash", chosen.hash))

	return chosen, selErr == nil
}
227
228// DefaultCertificateSelector is the default certificate selection logic
229// given a choice of certificates. If there is at least one certificate in
