Ability to work without ECDSA
authorSergey Matveev <stargrave@stargrave.org>
Mon, 4 Dec 2023 14:27:50 +0000 (17:27 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Mon, 4 Dec 2023 14:28:29 +0000 (17:28 +0300)
tls.go

diff --git a/tls.go b/tls.go
index 0451b0328f27b66dd1150155174567ea359d711d..b2ad433d6ddc0bb3d16c2c0b391b4ae0fadfa8cb 100644 (file)
--- a/tls.go
+++ b/tls.go
@@ -67,12 +67,17 @@ func GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
                        return cert, nil
                }
        }
-       if CHIHasEdDSA(chi) {
-               if cert := HostToEdDSACertificate[chi.ServerName]; cert != nil {
-                       return cert, nil
+       var cert *tls.Certificate
+       if len(HostToECDSACertificate) == 0 {
+               cert = HostToEdDSACertificate[chi.ServerName]
+       } else {
+               if CHIHasEdDSA(chi) {
+                       if cert := HostToEdDSACertificate[chi.ServerName]; cert != nil {
+                               return cert, nil
+                       }
                }
+               cert = HostToECDSACertificate[chi.ServerName]
        }
-       cert := HostToECDSACertificate[chi.ServerName]
        if cert == nil {
                return nil, errors.New("no certificate found")
        }
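Review bot: The new fallback in GetCertificate is keyed on `len(HostToECDSACertificate) == 0`, which is a process-wide condition rather than a per-host one; the GetConfigForClient hunk uses the same kind of test. As soon as any one host has an ECDSA certificate, a host that has only an EdDSA certificate still gets "no certificate found" unless `CHIHasEdDSA(chi)` is true. If EdDSA-only hosts are meant to work regardless of what other hosts configure, a per-host fallback after the ECDSA lookup says so directly: `if cert == nil { cert = HostToEdDSACertificate[chi.ServerName] }`. The inner `if cert := HostToEdDSACertificate[...]` also shadows the newly declared outer `cert`, which compiles but is easy to misread; a differently named local or a plain assignment would avoid that. The function begins before this hunk and continues after it.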
@@ -84,7 +89,7 @@ func GetConfigForClient(chi *tls.ClientHelloInfo) (*tls.Config, error) {
        if CHIHasGOST(chi) {
                pool = HostGOSTClientAuth[chi.ServerName]
        }
-       if pool == nil && CHIHasEdDSA(chi) {
+       if pool == nil && (CHIHasEdDSA(chi) || len(HostECDSAClientAuth) == 0) {
                pool = HostEdDSAClientAuth[chi.ServerName]
        }
        if pool == nil {
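Review bot: The choice of client-CA pool on the changed line depends on the signature algorithms in the ClientHello, which the peer controls, and on whether `HostECDSAClientAuth` is empty for the whole process. The body of the following `if pool == nil {` is outside the hunk, so it is worth confirming what happens when `pool` stays nil. If that path yields a config without client-certificate verification, a host listed only in `HostEdDSAClientAuth` could lose its requirement. This would happen whenever some other host populates `HostECDSAClientAuth` and the hello omits EdDSA. Keying the test on the requested host closes that gap: `if pool == nil && (CHIHasEdDSA(chi) || HostECDSAClientAuth[chi.ServerName] == nil) {`.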