Commit 1703ae03 authored by Marten Seemann's avatar Marten Seemann

generate the certificate chain on initialisation

parent b74c4143
package libp2pquic package libp2pquic
import ( import (
"crypto/tls"
"net" "net"
ic "github.com/libp2p/go-libp2p-crypto" ic "github.com/libp2p/go-libp2p-crypto"
...@@ -27,15 +28,11 @@ type listener struct { ...@@ -27,15 +28,11 @@ type listener struct {
var _ tpt.Listener = &listener{} var _ tpt.Listener = &listener{}
func newListener(addr ma.Multiaddr, transport tpt.Transport, localPeer peer.ID, key ic.PrivKey) (tpt.Listener, error) { func newListener(addr ma.Multiaddr, transport tpt.Transport, localPeer peer.ID, key ic.PrivKey, tlsConf *tls.Config) (tpt.Listener, error) {
_, host, err := manet.DialArgs(addr) _, host, err := manet.DialArgs(addr)
if err != nil { if err != nil {
return nil, err return nil, err
} }
tlsConf, err := generateConfig(key)
if err != nil {
return nil, err
}
ln, err := quicListenAddr(host, tlsConf, &quic.Config{Versions: []quic.VersionNumber{101}}) ln, err := quicListenAddr(host, tlsConf, &quic.Config{Versions: []quic.VersionNumber{101}})
if err != nil { if err != nil {
return nil, err return nil, err
......
...@@ -2,6 +2,7 @@ package libp2pquic ...@@ -2,6 +2,7 @@ package libp2pquic
import ( import (
"context" "context"
"crypto/tls"
"crypto/x509" "crypto/x509"
"errors" "errors"
...@@ -20,6 +21,7 @@ var quicDialAddr = quic.DialAddr ...@@ -20,6 +21,7 @@ var quicDialAddr = quic.DialAddr
type transport struct { type transport struct {
privKey ic.PrivKey privKey ic.PrivKey
localPeer peer.ID localPeer peer.ID
tlsConf *tls.Config
} }
var _ tpt.Transport = &transport{} var _ tpt.Transport = &transport{}
...@@ -30,9 +32,14 @@ func NewTransport(key ic.PrivKey) (tpt.Transport, error) { ...@@ -30,9 +32,14 @@ func NewTransport(key ic.PrivKey) (tpt.Transport, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
tlsConf, err := generateConfig(key)
if err != nil {
return nil, err
}
return &transport{ return &transport{
privKey: key, privKey: key,
localPeer: localPeer, localPeer: localPeer,
tlsConf: tlsConf,
}, nil }, nil
} }
...@@ -42,11 +49,8 @@ func (t *transport) Dial(ctx context.Context, raddr ma.Multiaddr, p peer.ID) (tp ...@@ -42,11 +49,8 @@ func (t *transport) Dial(ctx context.Context, raddr ma.Multiaddr, p peer.ID) (tp
if err != nil { if err != nil {
return nil, err return nil, err
} }
tlsConf, err := generateConfig(t.privKey)
if err != nil {
return nil, err
}
var remotePubKey ic.PubKey var remotePubKey ic.PubKey
tlsConf := t.tlsConf.Clone()
tlsConf.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) error { tlsConf.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
chain := make([]*x509.Certificate, len(rawCerts)) chain := make([]*x509.Certificate, len(rawCerts))
for i := 0; i < len(rawCerts); i++ { for i := 0; i < len(rawCerts); i++ {
...@@ -92,7 +96,7 @@ func (t *transport) CanDial(addr ma.Multiaddr) bool { ...@@ -92,7 +96,7 @@ func (t *transport) CanDial(addr ma.Multiaddr) bool {
// Listen listens for new QUIC connections on the passed multiaddr. // Listen listens for new QUIC connections on the passed multiaddr.
func (t *transport) Listen(addr ma.Multiaddr) (tpt.Listener, error) { func (t *transport) Listen(addr ma.Multiaddr) (tpt.Listener, error) {
return newListener(addr, t, t.localPeer, t.privKey) return newListener(addr, t, t.localPeer, t.privKey, t.tlsConf)
} }
// Proxy returns true if this transport proxies. // Proxy returns true if this transport proxies.
......
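Review bot: Nothing documents that `t.tlsConf` is shared by reference with every listener and must never be modified in place — `Dial` gets this right by working on `tlsConf := t.tlsConf.Clone()` before setting `VerifyPeerCertificate`, but `newListener` receives the stored pointer directly, so a future in-place edit anywhere would race with live listeners. I would add on the new struct field: `// tlsConf holds the certificate chain generated once in NewTransport; it is shared with every listener, so never mutate it in place — Dial works on a Clone().` The doc comment of NewTransport should also say that the certificate now lives as long as the transport; if generateConfig (not visible here) sets a validity window, a long-running transport will keep presenting that certificate past its expiry, which is worth confirming against generateConfig. The Dial function starts before its hunk and continues after it.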