Return an error when we try to listen on a multiaddr with a certhash

p2p/transport/webtransport/transport.go

@@ -295,10 +295,13 @@ func (t *transport) CanDial(addr ma.Multiaddr) bool {
 }
 
 func (t *transport) Listen(laddr ma.Multiaddr) (tpt.Listener, error) {
-	isWebTransport, _ := IsWebtransportMultiaddr(laddr)
+	isWebTransport, certhashCount := IsWebtransportMultiaddr(laddr)
 	if !isWebTransport {
 		return nil, fmt.Errorf("cannot listen on non-WebTransport addr: %s", laddr)
 	}
+	if certhashCount > 0 {
+		return nil, fmt.Errorf("cannot listen on a specific certhash non-WebTransport addr: %s", laddr)
+	}
 	if t.staticTLSConf == nil {
 		t.listenOnce.Do(func() {
 			t.certManager, t.listenOnceErr = newCertManager(t.privKey, t.clock)

p2p/transport/webtransport/transport_test.go

@@ -224,10 +224,11 @@ func TestListenAddrValidity(t *testing.T) {
 	}
 
 	invalid := []ma.Multiaddr{
-		ma.StringCast("/ip4/127.0.0.1/udp/1234"),              // missing webtransport
-		ma.StringCast("/ip4/127.0.0.1/udp/1234/webtransport"), // missing quic
-		ma.StringCast("/ip4/127.0.0.1/tcp/1234/webtransport"), // WebTransport over TCP? Is this a joke?
-		ma.StringCast("/ip4/127.0.0.1/udp/1234/quic-v1/webtransport/certhash/" + randomMultihash(t)),
+		ma.StringCast("/ip4/127.0.0.1/udp/1234"),                                                      // missing webtransport
+		ma.StringCast("/ip4/127.0.0.1/udp/1234/webtransport"),                                         // missing quic
+		ma.StringCast("/ip4/127.0.0.1/tcp/1234/webtransport"),                                         // WebTransport over TCP? Is this a joke?
+		ma.StringCast("/ip4/127.0.0.1/udp/1234/quic-v1/webtransport/certhash/" + randomMultihash(t)),  // We can't listen on a specific certhash
+		ma.StringCast("/ip4/127.0.0.1/udp/11234/quic-v1/webtransport/certhash/" + randomMultihash(t)), // We can't listen on a specific certhash
 	}
 
 	_, key := newIdentity(t)