mirror of
https://github.com/v2fly/v2ray-core.git
synced 2024-12-22 18:17:52 -05:00
53 lines
1.4 KiB
Go
53 lines
1.4 KiB
Go
|
package quic
|
||
|
|
||
|
import (
|
||
|
gocrypto "crypto"
|
||
|
"crypto/tls"
|
||
|
"crypto/x509"
|
||
|
"errors"
|
||
|
|
||
|
"github.com/bifurcation/mint"
|
||
|
"github.com/lucas-clemente/quic-go/internal/protocol"
|
||
|
)
|
||
|
|
||
|
func tlsToMintConfig(tlsConf *tls.Config, pers protocol.Perspective) (*mint.Config, error) {
|
||
|
mconf := &mint.Config{
|
||
|
NonBlocking: true,
|
||
|
CipherSuites: []mint.CipherSuite{
|
||
|
mint.TLS_AES_128_GCM_SHA256,
|
||
|
mint.TLS_AES_256_GCM_SHA384,
|
||
|
},
|
||
|
}
|
||
|
if tlsConf != nil {
|
||
|
mconf.ServerName = tlsConf.ServerName
|
||
|
mconf.InsecureSkipVerify = tlsConf.InsecureSkipVerify
|
||
|
mconf.Certificates = make([]*mint.Certificate, len(tlsConf.Certificates))
|
||
|
mconf.RootCAs = tlsConf.RootCAs
|
||
|
mconf.VerifyPeerCertificate = tlsConf.VerifyPeerCertificate
|
||
|
for i, certChain := range tlsConf.Certificates {
|
||
|
mconf.Certificates[i] = &mint.Certificate{
|
||
|
Chain: make([]*x509.Certificate, len(certChain.Certificate)),
|
||
|
PrivateKey: certChain.PrivateKey.(gocrypto.Signer),
|
||
|
}
|
||
|
for j, cert := range certChain.Certificate {
|
||
|
c, err := x509.ParseCertificate(cert)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
mconf.Certificates[i].Chain[j] = c
|
||
|
}
|
||
|
}
|
||
|
switch tlsConf.ClientAuth {
|
||
|
case tls.NoClientCert:
|
||
|
case tls.RequireAnyClientCert:
|
||
|
mconf.RequireClientAuth = true
|
||
|
default:
|
||
|
return nil, errors.New("mint currently only support ClientAuthType RequireAnyClientCert")
|
||
|
}
|
||
|
}
|
||
|
if err := mconf.Init(pers == protocol.PerspectiveClient); err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return mconf, nil
|
||
|
}
|