-/*
-godlighty -- highly-customizable HTTP, HTTP/2, HTTPS server
-Copyright (C) 2021-2023 Sergey Matveev <stargrave@stargrave.org>
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 3 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
+// godlighty -- highly-customizable HTTP, HTTP/2, HTTPS server
+// Copyright (C) 2021-2025 Sergey Matveev <stargrave@stargrave.org>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
package godlighty
"fmt"
"log"
"os"
+ "slices"
)
var (
)
func CHIHasTLS13(chi *tls.ClientHelloInfo) bool {
- for _, v := range chi.SupportedVersions {
- if v == tls.VersionTLS13 {
- return true
- }
- }
- return false
+ return slices.Contains(chi.SupportedVersions, tls.VersionTLS13)
}
func CHIHasEdDSA(chi *tls.ClientHelloInfo) bool {
if !CHIHasTLS13(chi) {
return false
}
- for _, ss := range chi.SignatureSchemes {
- if ss == tls.Ed25519 {
- return true
- }
- }
- return false
+ return slices.Contains(chi.SignatureSchemes, tls.Ed25519)
}
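Review bot: CHIHasEdDSA has no comment explaining why it gates on TLS 1.3 before looking at the signature schemes; as far as I recall Go's crypto/tls negotiates Ed25519 under TLS 1.2 as well (RFC 8422), so the version check reads as a deliberate policy rather than a protocol requirement, and the next reader will otherwise take it for the latter. A doc comment such as `// CHIHasEdDSA reports whether the client offers TLS 1.3 and lists Ed25519 among its signature schemes; TLS 1.2 clients are deliberately excluded even though Ed25519 is defined there too.` would make that explicit. It is also worth stating that SignatureSchemes is what the client accepts for the server's CertificateVerify, so a missing Ed25519 entry means an EdDSA leaf cannot be served to this client at all, which is what the callers below rely on.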
func GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
return cert, nil
}
}
- if CHIHasEdDSA(chi) {
- if cert := HostToEdDSACertificate[chi.ServerName]; cert != nil {
- return cert, nil
+ var cert *tls.Certificate
+ if len(HostToECDSACertificate) == 0 {
+ cert = HostToEdDSACertificate[chi.ServerName]
+ } else {
+ if CHIHasEdDSA(chi) {
+ if cert = HostToEdDSACertificate[chi.ServerName]; cert != nil {
+ return cert, nil
+ }
}
+ cert = HostToECDSACertificate[chi.ServerName]
}
- cert := HostToECDSACertificate[chi.ServerName]
if cert == nil {
return nil, errors.New("no certificate found")
}
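Review bot: The new fallback keyed on `len(HostToECDSACertificate) == 0` is a global test, not a per-host one, so a name that only has an EdDSA certificate behaves differently depending on whether some other name has an ECDSA certificate: with no ECDSA certificates anywhere the EdDSA chain is returned even to a client that did not advertise ed25519, while with one configured elsewhere the same client gets "no certificate found". Handing an EdDSA chain to a client without ed25519 in its signature_algorithms only fails later in the handshake with a less specific error, so if the global fallback is intended a comment saying so would help; if the intent is "serve EdDSA whenever there is nothing else for this name", the selection should be per-host as below. chi.ServerName comes straight from the ClientHello but is only used as a map key here, which is fine. GetCertificate starts outside this hunk, so the branch returning at the top is not visible.
```go
	var cert *tls.Certificate
	// Prefer EdDSA when the client can verify it.
	if CHIHasEdDSA(chi) {
		cert = HostToEdDSACertificate[chi.ServerName]
	}
	if cert == nil {
		cert = HostToECDSACertificate[chi.ServerName]
	}
	// Last resort for names that only have an EdDSA chain (per-host, not global).
	if cert == nil {
		cert = HostToEdDSACertificate[chi.ServerName]
	}
	// … unchanged: nil check and "no certificate found" error …
```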
if CHIHasGOST(chi) {
pool = HostGOSTClientAuth[chi.ServerName]
}
- if pool == nil && CHIHasEdDSA(chi) {
+ if pool == nil && (CHIHasEdDSA(chi) || len(HostECDSAClientAuth) == 0) {
pool = HostEdDSAClientAuth[chi.ServerName]
}
if pool == nil {
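Review bot: The same global-versus-per-host mismatch applies to the `len(HostECDSAClientAuth) == 0` test: a name configured with only an EdDSA client-CA pool falls through with `pool == nil` for any client that did not advertise ed25519 as soon as any other name has an ECDSA pool. What happens after `pool == nil` is outside this hunk; if that path ends with a config that has no client-CA pool at all, i.e. no client verification for that name, it is a silent downgrade rather than a handshake failure, which is worth confirming. A per-host condition keeps the pool selection consistent with the certificate selection: `if pool == nil && (CHIHasEdDSA(chi) || HostECDSAClientAuth[chi.ServerName] == nil) {`. The enclosing function starts before this hunk.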
log.Fatalln(err)
}
pool.AddCert(ca)
+ (*hostClientAuth)[host] = pool
}
}
- if len(pool.Subjects()) > 0 {
- (*hostClientAuth)[host] = pool
- }
}
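Review bot: Moving `(*hostClientAuth)[host] = pool` inside the loop rewrites the same map entry on every successful AddCert; the result matches the old "at least one subject" guard while dropping the deprecated Subjects() call, but the invariant that an empty pool is never installed is now implicit. A comment on the assignment, `// register the pool once it holds at least one CA; an empty pool is never installed for the host`, would keep that intent visible to whoever next touches the loop. The loop and its enclosing function start outside this hunk, so whether `pool` is created fresh per host, and what `err` at the Fatalln refers to, cannot be checked here.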
func LoadCertificates() {