in internal/tls/tls.go [97:122]
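// getOptionalConfig selects a per-connection TLS configuration for the
// ClientHello described by info.
//
// Resolution order:
//  1. getConfigByServerName is asked for a custom configuration. If it
//     returns an error, that error is returned with a nil config. If it
//     returns a config, getCertificate is installed on it and it is returned.
//  2. If cfg.TLS.ClientAuth is tls.NoClientCert, (nil, nil) is returned.
//  3. If info.ServerName equals an entry of cfg.TLS.ClientAuthDomains, a
//     config built by getTLSConfig is returned with ClientAuth set to
//     cfg.TLS.ClientAuth.
//  4. Otherwise (nil, nil) is returned.
//
// NOTE(review): presumably this backs tls.Config.GetConfigForClient, where a
// nil config means "keep the listener's base config" — confirm at the call
// site. If so, whether client certificates are demanded depends on the SNI
// value, which the client chooses. Protected hosts should also be enforced
// above the TLS layer, e.g. by rejecting requests whose Host is listed in
// ClientAuthDomains but arrived without a verified peer certificate.
func getOptionalConfig(cfg *config.Config, info *tls.ClientHelloInfo, getCertificate GetCertificateFunc, getConfigByServerName GetConfigFunc) (*tls.Config, error) {
	customConfig, err := getConfigByServerName(info)
	if err != nil {
		// Fail the handshake without touching customConfig. The previous
		// combined check (customConfig != nil || err != nil) dereferenced a
		// nil config whenever the lookup failed, panicking inside the
		// handshake path.
		return nil, err
	}
	if customConfig != nil {
		customConfig.GetCertificate = getCertificate
		return customConfig, nil
	}

	if cfg.TLS.ClientAuth == tls.NoClientCert {
		return nil, nil
	}

	for _, domain := range cfg.TLS.ClientAuthDomains {
		// NOTE(review): exact, case-sensitive comparison. Host names are
		// case-insensitive, so confirm that both the configured domains and
		// info.ServerName are normalised before they reach this point;
		// otherwise a differently-cased name skips the client-auth config.
		if domain != info.ServerName {
			continue
		}
		tlsConfig, err := getTLSConfig(cfg.TLS, getCertificate)
		if err != nil {
			return nil, err
		}
		tlsConfig.ClientAuth = cfg.TLS.ClientAuth
		return tlsConfig, nil
	}
	return nil, nil
}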