From 16663e2524c0eea212bf5e9a0b3eccf5273c7fe2 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Mon, 4 Apr 2016 02:10:52 +0200
Subject: Separate cert selector
---
route.go | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
(limited to 'route.go')
diff --git a/route.go b/route.go
index 7e54650..04a488a 100644
--- a/route.go
+++ b/route.go
@@ -13,30 +13,23 @@ import (
 // Routes defines a set of routes including correspondent TLS certificates
 type Routes map[string]Route
+// SNI holds certificates
+type SNI map[string]*tls.Certificate
+
 type Route struct {
 Host, Upstream string
 Cert, Key []byte
- certificate *tls.Certificate
 }
 func (r Route) String() string {
- if r.certificate != nil {
- return fmt.Sprintf("%v → %v with TLS", r.Host, r.Upstream)
- }
 return fmt.Sprintf("%v → %v", r.Host, r.Upstream)
 }
 // GetCertificate returns certificate for SNI negotiation
-func (r Routes) GetCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
+func (s SNI) GetCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
 host := h.ServerName
- if v, ok := r[host]; ok && v.certificate != nil {
- return v.certificate, nil
- }
- // HACK search for certs without port
- for k, v := range r {
- if k[:len(host)] == host {
- return v.certificate, nil
- }
+ if v, ok := s[host]; ok {
+ return v, nil
 }
 return nil, errors.New("no cert for " + host)
 }
-- cgit v1.2.3
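Review bot: `SNI.GetCertificate` now returns whatever the map holds for the raw, client-supplied `h.ServerName`, and the nil check the old lookup had (`v.certificate != nil`) is gone, so a nil entry comes back as `(nil, nil)` instead of the explicit "no cert" error. The match is also case-sensitive, so the guard could become `if v, ok := s[strings.ToLower(host)]; ok && v != nil {`, which needs `strings` imported and the keys stored lower-cased without a port; how the `SNI` map is filled is not visible in this hunk and should be confirmed. The unchanged error line concatenates the untrusted name into the message; `fmt.Errorf("no cert for %q", host)` would keep control characters out of anything that logs it. The `SNI` type comment could state the key contract, for example `// SNI maps lower-case host names (no port) to the certificate served for them`.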