Restrict QUIC to use single self signed client cert (backport #29681) (
…#29683)

Restrict QUIC to use single self signed client cert (#29681)

(cherry picked from commit 1d0a28c)

Co-authored-by: Pankaj Garg <[email protected]>
mergify[bot] and pgarg66 authored Jan 12, 2023
1 parent e7a57ca commit 46fde27
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions streamer/src/tls_certificates.rs
Expand Up @@ -57,7 +57,8 @@ pub fn new_self_signed_tls_certificate_chain(
}

pub fn get_pubkey_from_tls_certificate(certificates: &[rustls::Certificate]) -> Option<Pubkey> {
certificates.first().and_then(|der_cert| {
if certificates.len() == 1 {
let der_cert = &certificates[0];
X509Certificate::from_der(der_cert.as_ref())
.ok()
.and_then(|(_, cert)| {
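Review bot: The new `certificates.len() == 1` guard at the top of `get_pubkey_from_tls_certificate` changes the function's contract without documenting it. An empty chain still yields `None`, but a chain with more than one certificate is now rejected outright, where the old `certificates.first()` would have read the pubkey from the first entry. A `///` comment on the function stating that exactly one certificate is accepted, and why, would keep callers from treating `None` as only a parse failure. As a style point, a slice pattern such as `if let [der_cert] = certificates {` expresses the same check without the separate `&certificates[0]` index.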
Expand All @@ -66,7 +67,9 @@ pub fn get_pubkey_from_tls_certificate(certificates: &[rustls::Certificate]) ->
_ => None,
})
})
})
} else {
None
}
}

#[cfg(test)]
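Review bot: The `else { None }` branch that rejects chains of any length other than one has no accompanying test. The commit shows 5 additions and 2 deletions, all accounted for by the two hunks in the function body, so nothing was added to the `#[cfg(test)]` module that follows. Since this branch is the restriction the commit exists to enforce, a test that passes a two-certificate slice (and an empty slice) to `get_pubkey_from_tls_certificate` and asserts `None` would guard against a later refactor quietly restoring the `first()` behaviour.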