yesBad/proton-bridge
1
0
Fork 0
forked from Silverfish/proton-bridge
Code Actions Activity

fix: don't panic if not given tls connection in pin checker

Browse Source
This commit is contained in:
James Houlahan
2020-07-09 13:19:32 +02:00
parent abaeace4b3
commit fc4e77604f
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/pmapi/pin_checker.go
View File

@ -24,6 +24,7 @@ import (
"crypto/x509"
"encoding/base64"
"encoding/pem"
"errors"
"fmt"
"net"
"time"
@ -50,7 +51,12 @@ func newPinChecker(trustedPins []string) pinChecker {
// checkCertificate returns whether the connection presents a known TLS certificate.
func (p *pinChecker) checkCertificate(conn net.Conn) error {
connState := conn.(*tls.Conn).ConnectionState()
tlsConn, ok := conn.(*tls.Conn)
if !ok {
return errors.New("connection is not a TLS connection")
}
connState := tlsConn.ConnectionState()
for _, peerCert := range connState.PeerCertificates {
fingerprint := certFingerprint(peerCert)