
Commit e3100c9

committed
TLSConfig to DTLSConfig
1 parent d196134 commit e3100c9

1 file changed

Lines changed: 32 additions & 13 deletions


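--- a/pkg/net/coap/service/udpServer.go
+++ b/pkg/net/coap/service/udpServer.go
@@ -75,6 +75,33 @@ func toDTLSClientAuth(t tls.ClientAuthType) dtls.ClientAuthType {
 return mapDTLSClientAuth[t]
 }
 
+func TLSConfigToDTLSConfig(tlsConfig *tls.Config) *dtls.Config {
+var getClientCertificate func(cri *dtls.CertificateRequestInfo) (*tls.Certificate, error)
+if tlsConfig.GetClientCertificate != nil {
+getClientCertificate = func(cri *dtls.CertificateRequestInfo) (*tls.Certificate, error) {
+return tlsConfig.GetClientCertificate(&tls.CertificateRequestInfo{AcceptableCAs: cri.AcceptableCAs})
+}
+}
+var getCertificate func(chi *dtls.ClientHelloInfo) (*tls.Certificate, error)
+if tlsConfig.GetCertificate != nil {
+getCertificate = func(chi *dtls.ClientHelloInfo) (*tls.Certificate, error) {
+return tlsConfig.GetCertificate(&tls.ClientHelloInfo{ServerName: chi.ServerName})
+}
+}
+return &dtls.Config{
+GetCertificate: getCertificate,
+ClientCAs: tlsConfig.ClientCAs,
+VerifyPeerCertificate: tlsConfig.VerifyPeerCertificate,
+RootCAs: tlsConfig.RootCAs,
+InsecureSkipVerify: tlsConfig.InsecureSkipVerify,
+Certificates: tlsConfig.Certificates,
+ServerName: tlsConfig.ServerName,
+GetClientCertificate: getClientCertificate,
+ClientAuth: toDTLSClientAuth(tlsConfig.ClientAuth),
+CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_CCM, dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
+}
+}
+
 func newDTLSListener(config Config, serviceOpts Options, fileWatcher *fsnotify.Watcher, logger log.Logger) (coapDtlsServer.Listener, func(), error) {
 var closeListener fn.FuncList
 coapsTLS, err := certManagerServer.New(config.TLS.Embedded, fileWatcher, logger)
@@ -86,20 +113,12 @@ func newDTLSListener(config Config, serviceOpts Options, fileWatcher *fsnotify.W
 if serviceOpts.OverrideTLSConfig != nil {
 tlsCfg = serviceOpts.OverrideTLSConfig(tlsCfg)
 }
-dtlsCfg := dtls.Config{
-GetCertificate: func(chi *dtls.ClientHelloInfo) (*tls.Certificate, error) {
-return tlsCfg.GetCertificate(&tls.ClientHelloInfo{ServerName: chi.ServerName})
-},
-ClientCAs: tlsCfg.ClientCAs,
-VerifyPeerCertificate: tlsCfg.VerifyPeerCertificate,
-ClientAuth: toDTLSClientAuth(tlsCfg.ClientAuth),
-LoggerFactory: logger.DTLSLoggerFactory(),
-CipherSuites: []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_CCM, dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
-ConnectContextMaker: func() (context.Context, func()) {
-return context.WithTimeout(context.Background(), config.GetTimeout())
-},
+dtlsCfg := TLSConfigToDTLSConfig(tlsCfg)
+dtlsCfg.LoggerFactory = logger.DTLSLoggerFactory()
+dtlsCfg.ConnectContextMaker = func() (context.Context, func()) {
+return context.WithTimeout(context.Background(), config.GetTimeout())
 }
-listener, err := net.NewDTLSListener("udp", config.Addr, &dtlsCfg)
+listener, err := net.NewDTLSListener("udp", config.Addr, dtlsCfg)
 if err != nil {
 closeListener.Execute()
 return nil, nil, fmt.Errorf("cannot create dtls listener: %w", err)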
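Review bot: The new exported `TLSConfigToDTLSConfig` in the first hunk has no doc comment and dereferences `tlsConfig` unconditionally, so a nil `*tls.Config` (for instance from an `OverrideTLSConfig` hook that returns nil) panics inside the helper rather than being reported at the call site. It also silently ignores every tls.Config field it does not map, and the `GetCertificate`/`GetClientCertificate` adapters forward only `ServerName` and `AcceptableCAs` respectively, so a callback that inspects any other field of the request info will see zero values. I would add a doc comment such as `// TLSConfigToDTLSConfig derives a dtls.Config from tlsConfig, which must be non-nil. Only GetCertificate, GetClientCertificate, ClientCAs, RootCAs, VerifyPeerCertificate, InsecureSkipVerify, Certificates, ServerName and ClientAuth are carried over; CipherSuites is fixed to the ECDHE-ECDSA set and all other tls.Config fields (including any custom verification hooks) are ignored.` so callers do not assume verification configured on the TLS side also applies to DTLS. Since the listener's config in the second hunk now inherits `InsecureSkipVerify` and `RootCAs` from the server-side tls.Config, which the removed code did not set, it is worth confirming that neither field changes client-certificate verification on the server path; `newDTLSListener` continues past the end of that hunk.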
