+ }
+ if len(pool.Subjects()) > 0 {
+ (*hostClientAuth)[host] = pool
+ }
+}
+
+func LoadCertificates() {
+ HostToECDSACertificate = make(map[string]*tls.Certificate, len(Hosts))
+ HostECDSAClientAuth = make(map[string]*x509.CertPool)
+ HostToEdDSACertificate = make(map[string]*tls.Certificate, len(Hosts))
+ HostEdDSAClientAuth = make(map[string]*x509.CertPool)
+ HostToGOSTCertificate = make(map[string]*tls.Certificate, len(Hosts))
+ HostGOSTClientAuth = make(map[string]*x509.CertPool)
+ for host, cfg := range Hosts {
+ loadCertificates(host, cfg.ECDSATLS, &HostToECDSACertificate, &HostECDSAClientAuth)
+ loadCertificates(host, cfg.EdDSATLS, &HostToEdDSACertificate, &HostEdDSAClientAuth)
+ loadCertificates(host, cfg.GOSTTLS, &HostToGOSTCertificate, &HostGOSTClientAuth)
+ }
+}
+
+func NewTLSConfig() *tls.Config {
+ return &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ NextProtos: NextProtos,
+ GetCertificate: GetCertificate,
+ GetConfigForClient: GetConfigForClient,