Only generate certificates after CertificateRequired
parent
ae4b458964
commit
5d099a4fe1
24
client.go
24
client.go
@ -6,6 +6,7 @@ import (
|
|||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"errors"
|
"errors"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strconv"
|
"strconv"
|
||||||
@ -188,7 +189,7 @@ type Client struct {
|
|||||||
CertificateStore CertificateStore
|
CertificateStore CertificateStore
|
||||||
|
|
||||||
// GetCertificate, if not nil, will be called to determine which certificate
|
// GetCertificate, if not nil, will be called to determine which certificate
|
||||||
// (if any) should be used for a request.
|
// to use when the server responds with CertificateRequired.
|
||||||
GetCertificate func(hostname string, store CertificateStore) *tls.Certificate
|
GetCertificate func(hostname string, store CertificateStore) *tls.Certificate
|
||||||
|
|
||||||
// TrustCertificate, if not nil, will be called to determine whether the
|
// TrustCertificate, if not nil, will be called to determine whether the
|
||||||
@ -204,11 +205,6 @@ func (c *Client) Send(req *Request) (*Response, error) {
|
|||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
MinVersion: tls.VersionTLS12,
|
MinVersion: tls.VersionTLS12,
|
||||||
GetClientCertificate: func(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
|
GetClientCertificate: func(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
|
||||||
if c.GetCertificate != nil {
|
|
||||||
if cert := c.GetCertificate(req.Hostname(), c.CertificateStore); cert != nil {
|
|
||||||
return cert, nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if req.Certificate != nil {
|
if req.Certificate != nil {
|
||||||
return req.Certificate, nil
|
return req.Certificate, nil
|
||||||
}
|
}
|
||||||
@ -261,6 +257,22 @@ func (c *Client) Send(req *Request) (*Response, error) {
|
|||||||
}
|
}
|
||||||
// Store connection information
|
// Store connection information
|
||||||
resp.TLS = conn.ConnectionState()
|
resp.TLS = conn.ConnectionState()
|
||||||
|
|
||||||
|
// Resend the request with a certificate if the server responded
|
||||||
|
// with CertificateRequired
|
||||||
|
if resp.Status == StatusCertificateRequired {
|
||||||
|
// Check to see if a certificate was already provided to prevent an infinite loop
|
||||||
|
if req.Certificate != nil {
|
||||||
|
return resp, nil
|
||||||
|
}
|
||||||
|
if c.GetCertificate != nil {
|
||||||
|
if cert := c.GetCertificate(req.Hostname(), c.CertificateStore); cert != nil {
|
||||||
|
req.Certificate = cert
|
||||||
|
return c.Send(req)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return resp, nil
|
return resp, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
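Review bot: The retry under `if resp.Status == StatusCertificateRequired` stores the chosen certificate in the caller's `req` before recursing, so the change outlives this call: the unchanged `GetClientCertificate` callback returns `req.Certificate` whenever it is set, and a `Request` that is reused later will offer that certificate during the handshake without the server having answered CertificateRequired. Either retry on a copy (`retry := *req; retry.Certificate = cert; return c.Send(&retry)`, assuming `Request` is safe to copy by value) or state the side effect in the doc comment, e.g. `// Send sets req.Certificate when it retries after CertificateRequired.` The first `resp` is also dropped on that path; if it still owns the connection it should be closed before `c.Send` is called again, which cannot be confirmed here because `Send` begins and ends outside these hunks. Separately, the first hunk adds `"log"` to the imports but none of the added lines shown uses it, and Go rejects an unused import.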
|
@ -89,7 +89,6 @@ func sendRequest(req *gmi.Request) error {
|
|||||||
}
|
}
|
||||||
// Handle relative redirects
|
// Handle relative redirects
|
||||||
red.URL = req.URL.ResolveReference(red.URL)
|
red.URL = req.URL.ResolveReference(red.URL)
|
||||||
fmt.Println(red.URL, red.Host)
|
|
||||||
return sendRequest(red)
|
return sendRequest(red)
|
||||||
case gmi.StatusClassTemporaryFailure:
|
case gmi.StatusClassTemporaryFailure:
|
||||||
return fmt.Errorf("Temporary failure: %s", resp.Meta)
|
return fmt.Errorf("Temporary failure: %s", resp.Meta)
|
||||||
|