set a net.Conn with the correct addresses on the tls.ClientHelloInfo

quic-go · Jul 29, 2023 · 36ff0f4 · 36ff0f4
1 parent 469a615
commit 36ff0f4
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 0 deletions.
diff --git a/connection.go b/connection.go
@@ -315,6 +315,8 @@ var newConnection = func(
 	}
 	cs := handshake.NewCryptoSetupServer(
 		clientDestConnID,
+		conn.LocalAddr(),
+		conn.RemoteAddr(),
 		params,
 		tlsConf,
 		conf.Allow0RTT,

diff --git a/fuzzing/handshake/cmd/corpus.go b/fuzzing/handshake/cmd/corpus.go
@@ -3,6 +3,7 @@ package main
 import (
 	"crypto/tls"
 	"log"
+	"net"
 
 	fuzzhandshake "github.com/quic-go/quic-go/fuzzing/handshake"
 	"github.com/quic-go/quic-go/fuzzing/internal/helper"
@@ -37,6 +38,8 @@ func main() {
 	config.NextProtos = []string{alpn}
 	server := handshake.NewCryptoSetupServer(
 		protocol.ConnectionID{},
+		&net.UDPAddr{IP: net.IPv6loopback, Port: 1234},
+		&net.UDPAddr{IP: net.IPv6loopback, Port: 4321},
 		&wire.TransportParameters{ActiveConnectionIDLimit: 2},
 		config,
 		false,

diff --git a/fuzzing/handshake/fuzz.go b/fuzzing/handshake/fuzz.go
@@ -11,6 +11,7 @@ import (
 	"log"
 	"math"
 	mrand "math/rand"
+	"net"
 	"time"
 
 	"github.com/quic-go/quic-go/fuzzing/internal/helper"
@@ -304,6 +305,8 @@ func runHandshake(runConfig [confLen]byte, messageConfig uint8, clientConf *tls.
 
 	server := handshake.NewCryptoSetupServer(
 		protocol.ConnectionID{},
+		&net.UDPAddr{IP: net.IPv6loopback, Port: 1234},
+		&net.UDPAddr{IP: net.IPv6loopback, Port: 4321},
 		serverTP,
 		serverConf,
 		enable0RTTServer,

diff --git a/integrationtests/self/handshake_test.go b/integrationtests/self/handshake_test.go
@@ -140,6 +140,27 @@ var _ = Describe("Handshake tests", func() {
 			Expect(err).ToNot(HaveOccurred())
 		})
 
+		It("has the right local and remote address on the ClientHelloInfo.Conn", func() {
+			var local, remote net.Addr
+			tlsConf := &tls.Config{
+				GetConfigForClient: func(info *tls.ClientHelloInfo) (*tls.Config, error) {
+					local = info.Conn.LocalAddr()
+					remote = info.Conn.RemoteAddr()
+					return getTLSConfig(), nil
+				},
+			}
+			runServer(tlsConf)
+			conn, err := quic.DialAddr(
+				context.Background(),
+				fmt.Sprintf("localhost:%d", server.Addr().(*net.UDPAddr).Port),
+				getTLSClientConfig(),
+				getQuicConfig(nil),
+			)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(server.Addr()).To(Equal(local))
+			Expect(conn.LocalAddr().(*net.UDPAddr).Port).To(Equal(remote.(*net.UDPAddr).Port))
+		})
+
 		It("works with a long certificate chain", func() {
 			runServer(getTLSConfigWithLongCertChain())
 			_, err := quic.DialAddr(

diff --git a/internal/handshake/crypto_setup.go b/internal/handshake/crypto_setup.go
@@ -6,6 +6,7 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
+	"net"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -104,6 +105,7 @@ func NewCryptoSetupClient(
 // NewCryptoSetupServer creates a new crypto setup for the server
 func NewCryptoSetupServer(
 	connID protocol.ConnectionID,
+	localAddr, remoteAddr net.Addr,
 	tp *wire.TransportParameters,
 	tlsConf *tls.Config,
 	allow0RTT bool,
@@ -125,6 +127,13 @@ func NewCryptoSetupServer(
 
 	quicConf := &qtls.QUICConfig{TLSConfig: tlsConf}
 	qtls.SetupConfigForServer(quicConf, cs.allow0RTT, cs.getDataForSessionTicket, cs.accept0RTT)
+	if quicConf.TLSConfig.GetConfigForClient != nil {
+		gcfc := quicConf.TLSConfig.GetConfigForClient
+		quicConf.TLSConfig.GetConfigForClient = func(info *tls.ClientHelloInfo) (*tls.Config, error) {
+			info.Conn = &conn{localAddr: localAddr, remoteAddr: remoteAddr}
+			return gcfc(info)
+		}
+	}
 
 	cs.tlsConf = quicConf.TLSConfig
 	cs.conn = qtls.QUICServer(quicConf)

diff --git a/internal/handshake/crypto_setup_test.go b/internal/handshake/crypto_setup_test.go
@@ -7,6 +7,7 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"math/big"
+	"net"
 	"time"
 
 	mocktls "github.com/quic-go/quic-go/internal/mocks/tls"
@@ -65,6 +66,8 @@ var _ = Describe("Crypto Setup TLS", func() {
 		var token protocol.StatelessResetToken
 		server := NewCryptoSetupServer(
 			protocol.ConnectionID{},
+			&net.UDPAddr{IP: net.IPv6loopback, Port: 1234},
+			&net.UDPAddr{IP: net.IPv6loopback, Port: 4321},
 			&wire.TransportParameters{StatelessResetToken: &token},
 			testdata.GetTLSConfig(),
 			false,
@@ -204,6 +207,8 @@ var _ = Describe("Crypto Setup TLS", func() {
 			}
 			server := NewCryptoSetupServer(
 				protocol.ConnectionID{},
+				&net.UDPAddr{IP: net.IPv6loopback, Port: 1234},
+				&net.UDPAddr{IP: net.IPv6loopback, Port: 4321},
 				serverTransportParameters,
 				serverConf,
 				enable0RTT,
@@ -273,6 +278,8 @@ var _ = Describe("Crypto Setup TLS", func() {
 			}
 			server := NewCryptoSetupServer(
 				protocol.ConnectionID{},
+				&net.UDPAddr{IP: net.IPv6loopback, Port: 1234},
+				&net.UDPAddr{IP: net.IPv6loopback, Port: 4321},
 				sTransportParameters,
 				serverConf,
 				false,