From 46fde27b3dd95a4d06020150ab3e1c0e93746db7 Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Thu, 12 Jan 2023 12:20:59 -0800
Subject: [PATCH] Restrict QUIC to use single self signed client cert (backport #29681) (#29683)

Restrict QUIC to use single self signed client cert (#29681)

(cherry picked from commit 1d0a28c66a31277e1d4cfa4312f5411bae912c3c)

Co-authored-by: Pankaj Garg
---
 streamer/src/tls_certificates.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/streamer/src/tls_certificates.rs b/streamer/src/tls_certificates.rs
index 27d3365c885ed4..9e6bf35bc71caa 100644
--- a/streamer/src/tls_certificates.rs
+++ b/streamer/src/tls_certificates.rs
@@ -57,7 +57,8 @@ pub fn new_self_signed_tls_certificate_chain(
 }
 
 pub fn get_pubkey_from_tls_certificate(certificates: &[rustls::Certificate]) -> Option {
- certificates.first().and_then(|der_cert| {
+ if certificates.len() == 1 {
+ let der_cert = &certificates[0];
 X509Certificate::from_der(der_cert.as_ref())
 .ok()
 .and_then(|(_, cert)| {
@@ -66,7 +67,9 @@ pub fn get_pubkey_from_tls_certificate(certificates: &[rustls::Certificate]) ->
 _ => None,
 })
 })
- })
+ } else {
+ None
+ }
 }
 
 #[cfg(test)]
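Review bot: The length check followed by `&certificates[0]` in get_pubkey_from_tls_certificate can be written as a slice pattern, `match certificates { [der_cert] => /* parse */, _ => None }`, which states the exactly-one rule in one place, drops the index expression and makes the trailing `else { None }` of the second hunk unnecessary. The function also has no doc comment explaining why a longer chain is rejected rather than read from its first entry; something like `/// Returns the peer's public key only when exactly one certificate is presented; any other count yields None.` would record the intent. The visible lines enforce the count only: nothing shown here checks that the certificate is self-signed, so if callers depend on that property it presumably has to be established elsewhere (the two lines between the hunks are not shown).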
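Review bot: The new rejection branch `else { None }` has no regression test: the diffstat lists only the seven changed lines in this function, and the `#[cfg(test)]` module that begins right after the hunk is untouched. A test that passes an empty slice and a two-certificate slice and expects `None` for both would pin the exactly-one rule, for example `assert!(get_pubkey_from_tls_certificate(&[]).is_none());` plus the same assertion on a slice holding one generated certificate twice. Without it, a later refactor back to `first()` would re-accept longer chains without any test failing.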