
2185b9761f2f146ae990b1dd66e95de2b13dc239 — Sotiris Papatheodorou 1 year, 11 months ago e43487d
Return error for invalid client certificate scope
1 files changed, 19 insertions(+), 4 deletions(-)

M certificates/certificates.go
M certificates/certificates.go => certificates/certificates.go +19 -4
@@ 7,6 7,7 @@ package certificates
import (
	"crypto/tls"
	"crypto/x509/pkix"
	"fmt"
	"git.sr.ht/~adnano/go-gemini/certificate"
	"log"
	"math/rand"


@@ 72,7 73,12 @@ func LoadClientCerts() {
// LookupClientCert searches for a client certificate corresponding to a URL.
// The returned bool value indicates whether a client certificate was found.
func LookupClientCert(u *url.URL) (tls.Certificate, bool) {
	return clientCertStore.Lookup(urlToScope(u))
	scope, err := urlToScope(u)
	if err != nil {
		log.Println("LookupClientCert: error looking-up client certificate:", err)
		return tls.Certificate{}, false
	}
	return clientCertStore.Lookup(scope)
}

// CreateClientCert generates a new client certificate for the supplied URL and


@@ 93,7 99,12 @@ func CreateClientCert(u *url.URL, commonName string, duration time.Duration) err
		log.Println("CreateClientCert: error creating client certificate:", err)
		return err
	}
	if err := clientCertStore.Add(urlToScope(u), cert); err != nil {
	scope, err := urlToScope(u)
	if err != nil {
		log.Println("CreateClientCert: error creating client certificate:", err)
		return err
	}
	if err := clientCertStore.Add(scope, cert); err != nil {
		log.Println("CreateClientCert: error adding client certificate:", err)
		return err
	}


@@ 169,8 180,12 @@ func StringToDuration(s string) time.Duration {

// urlToScope returns a string that will be used as a filename for client
// certificates corresponding to the URL.
func urlToScope(u *url.URL) string {
	return u.Host
func urlToScope(u *url.URL) (string, error) {
	if u.Host == "" {
		return "", fmt.Errorf("urlToScope: no host in URL: %v", u)
	} else {
		return u.Host, nil
	}
}

// isExpired tests whether a client certificate has expired.
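Review bot: The new urlToScope still hands u.Host through unchanged as the scope, and the comment above it says that value is used as a filename, so a host such as `.` or `..`, or one carrying a port or IPv6 brackets, reaches the certificate store with only the empty-string case rejected; if the store joins the scope into a path without its own sanitising, the guard should at least become `if u.Host == "" || u.Host == "." || u.Host == ".." {` with the message reworded to "invalid host in URL". The `else` after a returning `if` is redundant (staticcheck flags it); drop it and end the function with `return u.Host, nil`. The error formats the whole URL with `%v` and both callers log the error, so `u.Redacted()` would keep any userinfo password out of the log while still identifying the URL. Hostnames are case-insensitive, so `Example.org` and `example.org` currently map to separate certificate files; lowercasing here would change which file existing certificates resolve to, so that is a trade-off to weigh rather than apply blindly.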