Dragonfly2

1
/*
2
 *     Copyright 2022 The Dragonfly Authors
3
 *
4
 * Licensed under the Apache License, Version 2.0 (the "License");
5
 * you may not use this file except in compliance with the License.
6
 * You may obtain a copy of the License at
7
 *
8
 *      http://www.apache.org/licenses/LICENSE-2.0
9
 *
10
 * Unless required by applicable law or agreed to in writing, software
11
 * distributed under the License is distributed on an "AS IS" BASIS,
12
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
 * See the License for the specific language governing permissions and
14
 * limitations under the License.
15
 */
16

17
package config
18

19
import (
20
	"crypto/tls"
21
	"net"
22

23
	"github.com/johanbrandhorst/certify"
24

25
	logger "d7y.io/dragonfly/v2/internal/dflog"
26
)
27

28
func GetCertificate(certifyClient *certify.Certify) func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
29
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
30
		// FIXME peers need pure ip cert, certify checks the ServerName, so workaround here
31
		if hello.ServerName == "" {
32
			host, _, err := net.SplitHostPort(hello.Conn.LocalAddr().String())
33
			if err == nil {
34
				hello.ServerName = host
35
			} else {
36
				logger.Warnf("failed to get host from %s: %s", hello.Conn.LocalAddr().String(), err)
37
			}
38
		}
39
		return certifyClient.GetCertificate(hello)
40
	}
41
}
42