Skip to content
This repository has been archived by the owner on Aug 19, 2022. It is now read-only.

feat: catch panics in TLS negotiation #111

Merged
merged 1 commit into from
Apr 19, 2022
Merged

feat: catch panics in TLS negotiation #111

merged 1 commit into from
Apr 19, 2022

Conversation

Stebalien
Copy link
Member

@@ -72,7 +74,15 @@ func (i *Identity) ConfigForPeer(remote peer.ID) (*tls.Config, <-chan ic.PubKey)
conf := i.config.Clone()
// We're using InsecureSkipVerify, so the verifiedChains parameter will always be empty.
// We need to parse the certificates ourselves from the raw certs.
conf.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
conf.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) (err error) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not needed, since we have the panic handler in handshake, is it?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • This way we don't panic through TLS (not sure what that might do).
  • E.g., I don't trust that TLS won't run this on another goroutine.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

crypto/tls doesn't, but we can leave it here to be extra paranoid.

@Stebalien Stebalien merged commit 9ea94e2 into master Apr 19, 2022
@Stebalien Stebalien deleted the feat/catch-panic branch April 19, 2022 10:02
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants