Clone TLS config before changing it

ansible · Feb 17, 2022 · fb2d7fc · fb2d7fc
1 parent 745a1e1
commit fb2d7fc
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/pkg/netceptor/conn.go b/pkg/netceptor/conn.go
@@ -70,8 +70,9 @@ func (s *Netceptor) listen(ctx context.Context, service string, tlscfg *tls.Conf
 		tlscfg.NextProtos = []string{"netceptor"}
 		if tlscfg.ClientAuth == tls.RequireAndVerifyClientCert {
 			tlscfg.GetConfigForClient = func(hi *tls.ClientHelloInfo) (*tls.Config, error) {
+				clientTLSCfg := tlscfg.Clone()
 				remoteNode := strings.Split(hi.Conn.RemoteAddr().String(), ":")[0]
-				tlscfg.VerifyPeerCertificate = s.receptorVerifyFunc(tlscfg, remoteNode, VerifyClient)
+				clientTLSCfg.VerifyPeerCertificate = s.receptorVerifyFunc(tlscfg, remoteNode, VerifyClient)
 
 				return tlscfg, nil
 			}
@@ -292,8 +293,8 @@ func (s *Netceptor) DialContext(ctx context.Context, node string, service string
 	rAddr := s.NewAddr(node, service)
 	cfg := &quic.Config{
 		HandshakeIdleTimeout: 15 * time.Second,
-		MaxIdleTimeout:   MaxIdleTimeoutForQuicConnections,
-		KeepAlive:        KeepAliveForQuicConnections,
+		MaxIdleTimeout:       MaxIdleTimeoutForQuicConnections,
+		KeepAlive:            KeepAliveForQuicConnections,
 	}
 	if tlscfg == nil {
 		tlscfg = generateClientTLSConfig()