c.NameToCertificate = make(map[string]*Certificate)
for i := range c.Certificates {
cert := &c.Certificates[i]
- if cert.Leaf == nil {
- x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
+ x509Cert := cert.Leaf
+ if x509Cert == nil {
+ var err error
+ x509Cert, err = x509.ParseCertificate(cert.Certificate[0])
if err != nil {
continue
}
- cert.Leaf = x509Cert
}
- x509Cert := cert.Leaf
if len(x509Cert.Subject.CommonName) > 0 {
c.NameToCertificate[x509Cert.Subject.CommonName] = cert
}
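Review bot: Nothing in the new branch says why the parsed certificate is no longer stored in `cert.Leaf`, so a later cleanup could put the assignment back as a caching optimisation. A comment above `x509Cert := cert.Leaf`, such as `// Do not assign to cert.Leaf: c.Certificates may be memory the Config does not own (issue 28744).`, would keep the intent visible. The branch also indexes `cert.Certificate[0]` without a length check and skips an unparsable certificate with a bare `continue`; both are unchanged from the old side, but an entry with an empty chain would panic here, so a `len(cert.Certificate) == 0` guard next to the nil check is worth considering. The function's signature and the rest of its body are outside this hunk.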
t.Errorf("Client negotiated version %x, expected %x", cs.Version, VersionTLS12)
}
}
+
+// Issue 28744: Ensure that we don't modify memory
+// that Config doesn't own such as Certificates.
+func TestBuildNameToCertificate_doesntModifyCertificates(t *testing.T) {
+ c0 := Certificate{
+ Certificate: [][]byte{testRSACertificate},
+ PrivateKey: testRSAPrivateKey,
+ }
+ c1 := Certificate{
+ Certificate: [][]byte{testSNICertificate},
+ PrivateKey: testRSAPrivateKey,
+ }
+ config := testConfig.Clone()
+ config.Certificates = []Certificate{c0, c1}
+
+ config.BuildNameToCertificate()
+ got := config.Certificates
+ want := []Certificate{c0, c1}
+ if !reflect.DeepEqual(got, want) {
+ t.Fatalf("Certificates were mutated by BuildNameToCertificate\nGot: %#v\nWant: %#v\n", got, want)
+ }
+}
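Review bot: The test asserts only that `config.Certificates` is unchanged, so an implementation that returned early without building the map would also pass. A check after the `config.BuildNameToCertificate()` call, for example `if len(config.NameToCertificate) == 0 { t.Fatal("NameToCertificate is empty") }`, would tie the no-mutation guarantee to the map actually being built; this assumes the two test certificates carry a common name or SAN, which is not visible here. Both inputs start with a nil `Leaf`, so only the parse path is covered; a second case with `Leaf` already set would exercise the other branch.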