From e14328b71bfcbb615a79991cccb320b8d9de2216 Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Mon, 14 Jan 2019 11:39:17 +0700
Subject: [PATCH] tls: Set a GetCertificate callback in the tls.Config (#2404)

A tls.Config must have Certificates or GetCertificate set, in order to
be accepted by tls.Listen and quic.Listen.
---
 caddytls/config.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/caddytls/config.go b/caddytls/config.go
index 77f04710c..d8b6ed73a 100644
--- a/caddytls/config.go
+++ b/caddytls/config.go
@@ -269,6 +269,13 @@ func MakeTLSConfig(configs []*Config) (*tls.Config, error) {
 	}
 
 	return &tls.Config{
+		// A tls.Config must have Certificates or GetCertificate
+		// set, in order to be accepted by tls.Listen and quic.Listen.
+		// TODO: remove this once the standard library allows a tls.Config with
+		// only GetConfigForClient set.
+		GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
+			return nil, fmt.Errorf("all certificates configured via GetConfigForClient")
+		},
 		GetConfigForClient: configMap.GetConfigForClient,
 	}, nil
 }
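Review bot: The comment above the `GetCertificate` stub explains why the field has to be set, but not what the stub does at handshake time, which is the security-relevant part. crypto/tls keeps using this outer config when `GetConfigForClient` returns a nil config with a nil error, so in that case the stub answers and the handshake fails rather than serving some default certificate; whether `configMap.GetConfigForClient` can return that is not visible in this hunk. I would add a line such as `// Fails closed: only reached if GetConfigForClient returns no config, and then the handshake is rejected.` A smaller style point on the same lines: the message has no format verbs, so `errors.New` would be the usual form if the file already imports `errors`. `MakeTLSConfig` begins above the hunk, so the construction of `configMap` was not reviewed.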