crypto/tls: allow tls.Listen when only GetCertificate is provided.

Go 1.5 allowed TLS connections where Config.Certificates was nil as long
as the GetCertificate callback was given. However, tls.Listen wasn't
updated accordingly until this change.

Change-Id: I5f67f323f63c988ff79642f3daf8a6b2a153e6b2
Reviewed-on: https://go-review.googlesource.com/13801
Reviewed-by: Adam Langley <agl@golang.org>

diff --git a/src/crypto/tls/tls.go b/src/crypto/tls/tls.go
index 0b1c3778ad41ec4950b708f6005cfd6dd568b9c5..f6d5bb1b9af9b760ff56235be8b70d73233e0075 100644 (file)
--- a/src/crypto/tls/tls.go
+++ b/src/crypto/tls/tls.go
@@ -67,8 +67,8 @@ func NewListener(inner net.Listener, config *Config) net.Listener {
 // The configuration config must be non-nil and must have
 // at least one certificate.
 func Listen(network, laddr string, config *Config) (net.Listener, error) {
-       if config == nil || len(config.Certificates) == 0 {
-               return nil, errors.New("tls.Listen: no certificates in configuration")
+       if config == nil || (len(config.Certificates) == 0 && config.GetCertificate == nil) {
+               return nil, errors.New("tls: neither Certificates nor GetCertificate set in Config")
        }
        l, err := net.Listen(network, laddr)
        if err != nil {