]> Sergey Matveev's repositories - godlighty.git/blobdiff - tls.go
projects / godlighty.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use mtime instead of ctime
[godlighty.git] / tls.go
diff --git a/tls.go b/tls.go
index 684146d725559c0f613ffb6de38ce0cf78fcf723..28f54fb6737d8fee566dcffdbfe53298a7d3933b 100644 (file)
--- a/tls.go
+++ b/tls.go
@@ -1,19 +1,17 @@
-/*
-godlighty -- highly-customizable HTTP, HTTP/2, HTTPS server
-Copyright (C) 2021-2023 Sergey Matveev <stargrave@stargrave.org>
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 3 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
+// godlighty -- highly-customizable HTTP, HTTP/2, HTTPS server
+// Copyright (C) 2021-2024 Sergey Matveev <stargrave@stargrave.org>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 package godlighty
 
@@ -67,12 +65,17 @@ func GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
                        return cert, nil
                }
        }
-       if CHIHasEdDSA(chi) {
-               if cert := HostToEdDSACertificate[chi.ServerName]; cert != nil {
-                       return cert, nil
+       var cert *tls.Certificate
+       if len(HostToECDSACertificate) == 0 {
+               cert = HostToEdDSACertificate[chi.ServerName]
+       } else {
+               if CHIHasEdDSA(chi) {
+                       if cert := HostToEdDSACertificate[chi.ServerName]; cert != nil {
+                               return cert, nil
+                       }
                }
+               cert = HostToECDSACertificate[chi.ServerName]
        }
-       cert := HostToECDSACertificate[chi.ServerName]
        if cert == nil {
                return nil, errors.New("no certificate found")
        }
@@ -84,7 +87,7 @@ func GetConfigForClient(chi *tls.ClientHelloInfo) (*tls.Config, error) {
        if CHIHasGOST(chi) {
                pool = HostGOSTClientAuth[chi.ServerName]
        }
-       if pool == nil && CHIHasEdDSA(chi) {
+       if pool == nil && (CHIHasEdDSA(chi) || len(HostECDSAClientAuth) == 0) {
                pool = HostEdDSAClientAuth[chi.ServerName]
        }
        if pool == nil {
@@ -149,11 +152,9 @@ func loadCertificates(
                                log.Fatalln(err)
                        }
                        pool.AddCert(ca)
+                       (*hostClientAuth)[host] = pool
                }
        }
-       if len(pool.Subjects()) > 0 {
-               (*hostClientAuth)[host] = pool
-       }
 }
 
 func LoadCertificates() {
Highly-customizable HTTP, HTTP/2, HTTPS server written on pure Go