generate the certificate chain on initialisation

1703ae03 · Marten Seemann · b74c4143 · 1703ae03 · 1703ae03
Commit 1703ae03 authored Jun 06, 2018 by Marten Seemann
--- a/listener.go
+++ b/listener.go
 package libp2pquic

 import (
+	"crypto/tls"
 	"net"

 	ic "github.com/libp2p/go-libp2p-crypto"
@@ -27,15 +28,11 @@ type listener struct {

 var _ tpt.Listener = &listener{}

-func newListener(addr ma.Multiaddr, transport tpt.Transport, localPeer peer.ID, key ic.PrivKey) (tpt.Listener, error) {
+func newListener(addr ma.Multiaddr, transport tpt.Transport, localPeer peer.ID, key ic.PrivKey, tlsConf *tls.Config) (tpt.Listener, error) {
 	_, host, err := manet.DialArgs(addr)
 	if err != nil {
 		return nil, err
 	}
-	tlsConf, err := generateConfig(key)
-	if err != nil {
-		return nil, err
-	}
 	ln, err := quicListenAddr(host, tlsConf, &quic.Config{Versions: []quic.VersionNumber{101}})
 	if err != nil {
 		return nil, err

--- a/transport.go
+++ b/transport.go
@@ -2,6 +2,7 @@ package libp2pquic

 import (
 	"context"
+	"crypto/tls"
 	"crypto/x509"
 	"errors"

@@ -20,6 +21,7 @@ var quicDialAddr = quic.DialAddr
 type transport struct {
 	privKey   ic.PrivKey
 	localPeer peer.ID
+	tlsConf   *tls.Config
 }

 var _ tpt.Transport = &transport{}
@@ -30,9 +32,14 @@ func NewTransport(key ic.PrivKey) (tpt.Transport, error) {
 	if err != nil {
 		return nil, err
 	}
+	tlsConf, err := generateConfig(key)
+	if err != nil {
+		return nil, err
+	}
 	return &transport{
 		privKey:   key,
 		localPeer: localPeer,
+		tlsConf:   tlsConf,
 	}, nil
 }

@@ -42,11 +49,8 @@ func (t *transport) Dial(ctx context.Context, raddr ma.Multiaddr, p peer.ID) (tp
 	if err != nil {
 		return nil, err
 	}
-	tlsConf, err := generateConfig(t.privKey)
-	if err != nil {
-		return nil, err
-	}
 	var remotePubKey ic.PubKey
+	tlsConf := t.tlsConf.Clone()
 	tlsConf.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
 		chain := make([]*x509.Certificate, len(rawCerts))
 		for i := 0; i < len(rawCerts); i++ {
@@ -92,7 +96,7 @@ func (t *transport) CanDial(addr ma.Multiaddr) bool {

 // Listen listens for new QUIC connections on the passed multiaddr.
 func (t *transport) Listen(addr ma.Multiaddr) (tpt.Listener, error) {
-	return newListener(addr, t, t.localPeer, t.privKey)
+	return newListener(addr, t, t.localPeer, t.privKey, t.tlsConf)
 }

 // Proxy returns true if this transport proxies.