crypto/tls: use Config.GetCertificate before Config.Certificates, even without SNI #9208

Closed
gopherbot opened this issue Dec 5, 2014 · 4 comments

Comments

@gopherbot

I'd like to be able to use GetCertificate to dynamically generate a certificate at the
time the request comes in (with caching on top). As is, the code always checks
config.Certificates first, even if it won't be used.

My wish is:

1. GetCertificate would be called even without SNI (no SNI shows up as
ClientHelloInfo.ServerName=="", the docs already talk about this)

2. config.Certificates would be looked at only if GetCertificate returns nil, nil
@gopherbot gopherbot added the new label Dec 5, 2014
@bradfitz bradfitz removed the new label Dec 18, 2014
@rsc
Contributor

rsc commented Apr 10, 2015

I doubt this can be changed without breaking Go 1.x compatibility.

@agl

@rsc
Contributor

rsc commented Apr 10, 2015

Or maybe if Certificates == nil?

@rsc rsc changed the title from "crypto/tls: Allow using Config.GetCertificate to fully replace Config.Certificates, call it even without SNI" to "crypto/tls: use Config.GetCertificate before Config.Certificates, even without SNI" Apr 10, 2015
@agl agl self-assigned this Apr 12, 2015
@agl
Contributor

agl commented Apr 12, 2015

@gopherbot
Author

CL https://golang.org/cl/8792 mentions this issue.

@agl agl closed this as completed in cba882e Apr 26, 2015
@golang golang locked and limited conversation to collaborators Jun 25, 2016
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
This change causes the GetCertificate callback to be called if
Certificates is empty. Previously this configuration would result in an
error.

This allows people to have servers that depend entirely on dynamic
certificate selection, even when the client doesn't send SNI.

Fixes golang#9208.

Change-Id: I2f5a5551215958b88b154c64a114590300dfc461
Reviewed-on: https://go-review.googlesource.com/8792
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
@rsc rsc unassigned agl Jun 23, 2022