internal: don't attempt to lookup SNI Certificate if no SNI is sent

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-02-09 12:33:25 +01:00 · 2022-02-09 12:33:25 +01:00 · affbf85699
parent 0d92112a3f
commit affbf85699
1 changed files with 5 additions and 1 deletions
--- a/internal/outpost/proxyv2/proxyv2.go
+++ b/internal/outpost/proxyv2/proxyv2.go
@ -102,7 +102,11 @@ func (ps *ProxyServer) GetCertificate(serverName string) *tls.Certificate {
 }
 func (ps *ProxyServer) getCertificates(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
-	appCert := ps.GetCertificate(info.ServerName)
+	sn := info.ServerName
 	if sn == "" {
 		return &ps.defaultCert, nil
 	}
 	appCert := ps.GetCertificate(sn)
 	if appCert == nil {
 		return &ps.defaultCert, nil
 	}