feat: catch panics in TLS negotiation #111

Stebalien · 2022-04-19T09:42:32Z

marten-seemann · 2022-04-19T09:46:17Z

crypto.go

@@ -72,7 +74,15 @@ func (i *Identity) ConfigForPeer(remote peer.ID) (*tls.Config, <-chan ic.PubKey)
 conf := i.config.Clone()
 // We're using InsecureSkipVerify, so the verifiedChains parameter will always be empty.
 // We need to parse the certificates ourselves from the raw certs.
- conf.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
+ conf.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) (err error) {


This is not needed, since we have the panic handler in handshake, is it?

This way we don't panic through TLS (not sure what that might do).

E.g., I don't trust that TLS won't run this on another goroutine.

crypto/tls doesn't, but we can leave it here to be extra paranoid.

feat: catch panics in TLS negotiation

c7916ca

Part of libp2p/go-libp2p#1389

marten-seemann reviewed Apr 19, 2022

View reviewed changes

marten-seemann approved these changes Apr 19, 2022

View reviewed changes

Stebalien merged commit 9ea94e2 into master Apr 19, 2022

Stebalien deleted the feat/catch-panic branch April 19, 2022 10:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: catch panics in TLS negotiation #111

feat: catch panics in TLS negotiation #111

Stebalien commented Apr 19, 2022

marten-seemann Apr 19, 2022

Stebalien Apr 19, 2022

marten-seemann Apr 19, 2022

feat: catch panics in TLS negotiation #111

feat: catch panics in TLS negotiation #111

Conversation

Stebalien commented Apr 19, 2022

marten-seemann Apr 19, 2022

Choose a reason for hiding this comment

Stebalien Apr 19, 2022

Choose a reason for hiding this comment

marten-seemann Apr 19, 2022

Choose a reason for hiding this comment