server: Populate (*Request).Certificate field

2020-11-01 16:25:59 -05:00
parent cc372e8768
commit b6475aa7d9
3 changed files with 38 additions and 39 deletions
--- a/server.go
+++ b/server.go
@@ -3,7 +3,6 @@ package gemini
 import (
 	"bufio"
 	"crypto/tls"
-	"crypto/x509"
 	"log"
 	"net"
 	"net/url"
@@ -199,10 +198,24 @@ func (s *Server) respond(conn net.Conn) {
 		if url.Scheme == "" {
 			url.Scheme = "gemini"
 		}
+
+		// Store information about the TLS connection
+		connState := conn.(*tls.Conn).ConnectionState()
+		var cert *tls.Certificate
+		if len(connState.PeerCertificates) > 0 {
+			peerCert := connState.PeerCertificates[0]
+			// Store the TLS certificate
+			cert = &tls.Certificate{
+				Certificate: [][]byte{peerCert.Raw},
+				Leaf:        peerCert,
+			}
+		}
+
 		req := &Request{
-			URL:        url,
-			RemoteAddr: conn.RemoteAddr(),
-			TLS:        conn.(*tls.Conn).ConnectionState(),
+			URL:         url,
+			RemoteAddr:  conn.RemoteAddr(),
+			TLS:         connState,
+			Certificate: cert,
 		}
 		resp := s.responder(req)
 		if resp != nil {
@@ -330,22 +343,3 @@ func Input(r *Request) (query string, ok bool) {
 	}
 	return "", false
 }
-
-// Certificate returns the request certificate.
-// It returns nil if no certificate was provided.
-//
-// Example:
-//
-//    cert := gemini.Certificate(req)
-//    if cert == nil {
-//        w.WriteStatus(gemini.StatusCertificateRequired)
-//        return
-//    }
-//    // ...
-//
-func Certificate(r *Request) *x509.Certificate {
-	if len(r.TLS.PeerCertificates) == 0 {
-		return nil
-	}
-	return r.TLS.PeerCertificates[0]
-}