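package gquic

import (
	gocrypto "crypto"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"

	"github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common/quic/gquic-go/internal/protocol"
	"github.com/bifurcation/mint"
)

// tlsToMintConfig translates a crypto/tls configuration into the mint
// configuration used for the gQUIC TLS handshake.
//
// Only a subset of tls.Config is carried over: ServerName,
// InsecureSkipVerify, RootCAs, VerifyPeerCertificate, Certificates and
// ClientAuth. Every other tls.Config field is ignored, so a setting that is
// not in that list has no effect on the QUIC handshake. The returned config
// is non-blocking and restricted to TLS_AES_128_GCM_SHA256 and
// TLS_AES_256_GCM_SHA384.
//
// tlsConf may be nil, in which case a default config with no certificates
// and no client authentication is returned. pers selects whether mint is
// initialised as a client or a server.
//
// It returns an error if a certificate in tlsConf.Certificates cannot be
// parsed, if a certificate's PrivateKey is nil or does not implement
// crypto.Signer, if ClientAuth is a mode mint cannot enforce, or if
// mint.Config.Init fails.
func tlsToMintConfig(tlsConf *tls.Config, pers protocol.Perspective) (*mint.Config, error) {
	mconf := &mint.Config{
		NonBlocking: true,
		CipherSuites: []mint.CipherSuite{
			mint.TLS_AES_128_GCM_SHA256,
			mint.TLS_AES_256_GCM_SHA384,
		},
	}
	if tlsConf != nil {
		mconf.ServerName = tlsConf.ServerName
		// InsecureSkipVerify is propagated unchanged: a tls.Config that
		// disables peer verification disables it for the QUIC handshake too.
		mconf.InsecureSkipVerify = tlsConf.InsecureSkipVerify
		mconf.RootCAs = tlsConf.RootCAs
		mconf.VerifyPeerCertificate = tlsConf.VerifyPeerCertificate

		certs, err := tlsToMintCertificates(tlsConf.Certificates)
		if err != nil {
			return nil, err
		}
		mconf.Certificates = certs

		switch tlsConf.ClientAuth {
		case tls.NoClientCert:
		case tls.RequireAnyClientCert:
			mconf.RequireClientAuth = true
		default:
			// mint only exposes a boolean "require a client certificate";
			// the other tls.ClientAuthType modes cannot be expressed, so
			// refuse rather than silently weaken the requested policy.
			return nil, errors.New("mint currently only support ClientAuthType RequireAnyClientCert")
		}
	}
	if err := mconf.Init(pers == protocol.PerspectiveClient); err != nil {
		return nil, err
	}
	return mconf, nil
}

// tlsToMintCertificates parses each DER-encoded chain in tlsCerts into a
// mint.Certificate. The result always has len(tlsCerts) entries.
//
// A PrivateKey that is nil or does not implement crypto.Signer is reported
// as an error; the previous unchecked type assertion would have panicked
// on such a key. Certificate parse errors are returned as produced by
// x509.ParseCertificate.
func tlsToMintCertificates(tlsCerts []tls.Certificate) ([]*mint.Certificate, error) {
	mcerts := make([]*mint.Certificate, len(tlsCerts))
	for i, certChain := range tlsCerts {
		signer, ok := certChain.PrivateKey.(gocrypto.Signer)
		if !ok {
			return nil, fmt.Errorf("certificate %d: private key of type %T does not implement crypto.Signer", i, certChain.PrivateKey)
		}
		chain := make([]*x509.Certificate, len(certChain.Certificate))
		for j, der := range certChain.Certificate {
			c, err := x509.ParseCertificate(der)
			if err != nil {
				return nil, err
			}
			chain[j] = c
		}
		mcerts[i] = &mint.Certificate{
			Chain:      chain,
			PrivateKey: signer,
		}
	}
	return mcerts, nil
}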