internal: don't attempt to lookup SNI Certificate if no SNI is sent

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 12:33:25 +01:00 · 2022-02-09 12:33:25 +01:00 · 48f4a971ef
parent 6314be14ad
commit 48f4a971ef
1 changed files with 5 additions and 1 deletions
--- a/internal/outpost/proxyv2/proxyv2.go
+++ b/internal/outpost/proxyv2/proxyv2.go
@ -102,7 +102,11 @@ func (ps *ProxyServer) GetCertificate(serverName string) *tls.Certificate {
 }

 func (ps *ProxyServer) getCertificates(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
-	appCert := ps.GetCertificate(info.ServerName)
+	sn := info.ServerName
+	if sn == "" {
+		return &ps.defaultCert, nil
+	}
+	appCert := ps.GetCertificate(sn)
 	if appCert == nil {
 		return &ps.defaultCert, nil
 	}