diff options
Diffstat (limited to 'gemini')
-rw-r--r-- | gemini/tls.go | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/gemini/tls.go b/gemini/tls.go index 5b35fb6..1ea0f3c 100644 --- a/gemini/tls.go +++ b/gemini/tls.go @@ -1,6 +1,9 @@ package gemini -import "crypto/tls" +import ( + "crypto/tls" + "errors" +) // FileTLS builds a TLS configuration from paths to a certificate and key file. // @@ -17,3 +20,30 @@ func FileTLS(certfile string, keyfile string) (*tls.Config, error) { ClientAuth: tls.RequestClientCert, }, nil } + +// MultiTLS returns a *tls.Config usable for virtual hosting multiple domains. +// +// The provided configs map should be keyed on domain names, and the fallback will +// be used if the client does not support SNI, or if the requested domain isn't found. +func MultiTLS(configs map[string]*tls.Config, fallback *tls.Config) *tls.Config { + multi := &tls.Config{ + MinVersion: tls.VersionTLS12, + ClientAuth: tls.RequestClientCert, + GetConfigForClient: func(info *tls.ClientHelloInfo) (*tls.Config, error) { + conf, ok := configs[info.ServerName] + if !ok { + if fallback == nil { + return nil, errors.New("no TLS config found") + } + conf = fallback + } + return conf, nil + }, + } + + if fallback != nil { + multi.Certificates = fallback.Certificates + } + + return multi +} |