From 5b637102d928b4fd6b8ca256e37d31f8c593d16c Mon Sep 17 00:00:00 2001
From: zhangweiyu
Date: Sun, 16 Jul 2023 17:50:00 +0800
Subject: [PATCH 1/5] fix:fasthttp server with tlsConfig
Signed-off-by: zhangweiyu
---
 server.go | 39 +++++++++++++++++++++------------------
 1 file changed, 21 insertions(+), 18 deletions(-)
diff --git a/server.go b/server.go
index 9189da6069..d771ab0f7b 100644
--- a/server.go
+++ b/server.go
@@ -110,6 +110,7 @@ func ListenAndServeTLS(addr, certFile, keyFile string, handler RequestHandler) e
 s := &Server{
 Handler: handler,
 }
+ s.configTLS()
 return s.ListenAndServeTLS(addr, certFile, keyFile)
 }
@@ -121,6 +122,7 @@ func ListenAndServeTLSEmbed(addr string, certData, keyData []byte, handler Reque
 s := &Server{
 Handler: handler,
 }
+ s.configTLS()
 return s.ListenAndServeTLSEmbed(addr, certData, keyData)
 }
@@ -1677,14 +1679,16 @@ func (s *Server) ListenAndServeTLSEmbed(addr string, certData, keyData []byte) e
 // the function will use previously added TLS configuration.
 func (s *Server) ServeTLS(ln net.Listener, certFile, keyFile string) error {
 s.mu.Lock()
- err := s.AppendCert(certFile, keyFile)
- if err != nil && err != errNoCertOrKeyProvided {
- s.mu.Unlock()
- return err
- }
- if s.TLSConfig == nil {
- s.mu.Unlock()
- return errNoCertOrKeyProvided
+
+ config := s.TLSConfig.Clone()
+ var err error
+ configHasCert := len(config.Certificates) > 0 || config.GetCertificate != nil
+ if !configHasCert || certFile != "" || keyFile != "" {
+ err = s.AppendCert(certFile, keyFile)
+ if err != nil {
+ s.mu.Unlock()
+ return err
+ }
 }
 // BuildNameToCertificate has been deprecated since 1.14.
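Review bot: `configHasCert` in the ServeTLS hunk looks only at `Certificates` and `GetCertificate`, so a `TLSConfig` that supplies its certificates solely through `GetConfigForClient` is still treated as having none and falls into `AppendCert` with empty paths. If that setup should be supported, extend the test to `config.GetCertificate != nil || config.GetConfigForClient != nil`; recent net/http releases include that field in their equivalent ServeTLS check. The same expression appears in the ServeTLSEmbed hunk of this patch and again, rewritten against `s.TLSConfig`, in both hunks of [PATCH 5/5]. ServeTLS continues past the end of the hunk.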
@@ -1707,14 +1711,15 @@ func (s *Server) ServeTLS(ln net.Listener, certFile, keyFile string) error {
 func (s *Server) ServeTLSEmbed(ln net.Listener, certData, keyData []byte) error {
 s.mu.Lock()
- err := s.AppendCertEmbed(certData, keyData)
- if err != nil && err != errNoCertOrKeyProvided {
- s.mu.Unlock()
- return err
- }
- if s.TLSConfig == nil {
- s.mu.Unlock()
- return errNoCertOrKeyProvided
+ config := s.TLSConfig.Clone()
+ var err error
+ configHasCert := len(config.Certificates) > 0 || config.GetCertificate != nil
+ if !configHasCert || len(certData) != 0 || len(keyData) != 0 {
+ err = s.AppendCertEmbed(certData, keyData)
+ if err != nil {
+ s.mu.Unlock()
+ return err
+ }
 }
 // BuildNameToCertificate has been deprecated since 1.14.
@@ -1742,7 +1747,6 @@ func (s *Server) AppendCert(certFile, keyFile string) error {
 return fmt.Errorf("cannot load TLS key pair from certFile=%q and keyFile=%q: %w", certFile, keyFile, err)
 }
- s.configTLS()
 s.TLSConfig.Certificates = append(s.TLSConfig.Certificates, cert)
 return nil
@@ -1760,7 +1764,6 @@ func (s *Server) AppendCertEmbed(certData, keyData []byte) error {
 len(certData), len(keyData), err)
 }
- s.configTLS()
 s.TLSConfig.Certificates = append(s.TLSConfig.Certificates, cert)
 return nil
From 7821d762fba26568f8df167320d4320aa9d996d1 Mon Sep 17 00:00:00 2001
From: zhangweiyu
Date: Sun, 16 Jul 2023 18:02:30 +0800
Subject: [PATCH 2/5] fix:fasthttp server with tlsConfig
Signed-off-by: zhangweiyu
---
 server.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/server.go b/server.go
index d771ab0f7b..2600d93758 100644
--- a/server.go
+++ b/server.go
@@ -110,7 +110,6 @@ func ListenAndServeTLS(addr, certFile, keyFile string, handler RequestHandler) e
 s := &Server{
 Handler: handler,
 }
- s.configTLS()
 return s.ListenAndServeTLS(addr, certFile, keyFile)
 }
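Review bot: Dropping `s.configTLS()` from `AppendCert` (hunk `-1742,7`) and from `AppendCertEmbed` (hunk `-1760,7`) in [PATCH 1/5] leaves the following `s.TLSConfig.Certificates = append(...)` with nothing visible in these functions that sets up `s.TLSConfig`. Assuming `configTLS` is what initialises a nil `TLSConfig` (its body is not shown), a direct call to either exported method on a fresh `Server` would dereference nil at that commit. [PATCH 4/5] restores both calls, so the end state is fine; squashing the series would keep every intermediate commit safe to build and bisect. Both function bodies start outside their hunks.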
@@ -122,7 +121,6 @@ func ListenAndServeTLSEmbed(addr string, certData, keyData []byte, handler Reque
 s := &Server{
 Handler: handler,
 }
- s.configTLS()
 return s.ListenAndServeTLSEmbed(addr, certData, keyData)
 }
@@ -1679,7 +1677,7 @@ func (s *Server) ListenAndServeTLSEmbed(addr string, certData, keyData []byte) e
 // the function will use previously added TLS configuration.
 func (s *Server) ServeTLS(ln net.Listener, certFile, keyFile string) error {
 s.mu.Lock()
-
+ s.configTLS()
 config := s.TLSConfig.Clone()
 var err error
 configHasCert := len(config.Certificates) > 0 || config.GetCertificate != nil
@@ -1710,7 +1708,7 @@ func (s *Server) ServeTLS(ln net.Listener, certFile, keyFile string) error {
 // the function will use previously added TLS configuration.
 func (s *Server) ServeTLSEmbed(ln net.Listener, certData, keyData []byte) error {
 s.mu.Lock()
-
+ s.configTLS()
 config := s.TLSConfig.Clone()
 var err error
 configHasCert := len(config.Certificates) > 0 || config.GetCertificate != nil
From 15b95d3bdedc9869103fb8c66efd75852d930fce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BC=A0=E5=B0=8F=E5=9F=B9Zzz?= <51427547+zxpdmw@users.noreply.github.com>
Date: Mon, 17 Jul 2023 07:32:35 +0800
Subject: [PATCH 3/5] Update server.go
Co-authored-by: Erik Dubbelboer
---
 server.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/server.go b/server.go
index 2600d93758..c5c2fff0fa 100644
--- a/server.go
+++ b/server.go
@@ -1682,8 +1682,7 @@ func (s *Server) ServeTLS(ln net.Listener, certFile, keyFile string) error {
 var err error
 configHasCert := len(config.Certificates) > 0 || config.GetCertificate != nil
 if !configHasCert || certFile != "" || keyFile != "" {
- err = s.AppendCert(certFile, keyFile)
- if err != nil {
+ if err := s.AppendCert(certFile, keyFile); err != nil {
 s.mu.Unlock()
 return err
 }
From 2ee1a89f795d61c13c6bf0a91a2798c2d5380c93 Mon Sep 17 00:00:00 2001
From: zhangweiyu
Date: Mon, 17 Jul 2023 08:58:11 +0800
Subject: [PATCH 4/5] fix:fasthttp server with tlsConfig
Signed-off-by: zhangweiyu
---
 server.go | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/server.go b/server.go
index c5c2fff0fa..33ac680e23 100644
--- a/server.go
+++ b/server.go
@@ -1679,7 +1679,6 @@ func (s *Server) ServeTLS(ln net.Listener, certFile, keyFile string) error {
 s.mu.Lock()
 s.configTLS()
 config := s.TLSConfig.Clone()
- var err error
 configHasCert := len(config.Certificates) > 0 || config.GetCertificate != nil
 if !configHasCert || certFile != "" || keyFile != "" {
 if err := s.AppendCert(certFile, keyFile); err != nil {
@@ -1709,11 +1708,9 @@ func (s *Server) ServeTLSEmbed(ln net.Listener, certData, keyData []byte) error
 s.mu.Lock()
 s.configTLS()
 config := s.TLSConfig.Clone()
- var err error
 configHasCert := len(config.Certificates) > 0 || config.GetCertificate != nil
 if !configHasCert || len(certData) != 0 || len(keyData) != 0 {
- err = s.AppendCertEmbed(certData, keyData)
- if err != nil {
+ if err := s.AppendCertEmbed(certData, keyData); err != nil {
 s.mu.Unlock()
 return err
 }
@@ -1744,6 +1741,7 @@ func (s *Server) AppendCert(certFile, keyFile string) error {
 return fmt.Errorf("cannot load TLS key pair from certFile=%q and keyFile=%q: %w", certFile, keyFile, err)
 }
+ s.configTLS()
 s.TLSConfig.Certificates = append(s.TLSConfig.Certificates, cert)
 return nil
@@ -1761,6 +1759,7 @@ func (s *Server) AppendCertEmbed(certData, keyData []byte) error {
 len(certData), len(keyData), err)
 }
+ s.configTLS()
 s.TLSConfig.Certificates = append(s.TLSConfig.Certificates, cert)
 return nil
From c5add286e14c091e3baae214afb8a993a356ba6a Mon Sep 17 00:00:00 2001
From: zhangweiyu
Date: Tue, 18 Jul 2023 08:45:52 +0800
Subject: [PATCH 5/5] fix:fasthttp server with tlsConfig
Signed-off-by: zhangweiyu
---
 server.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/server.go b/server.go
index 33ac680e23..73683bf8a2 100644
--- a/server.go
+++ b/server.go
@@ -1678,8 +1678,7 @@ func (s *Server) ListenAndServeTLSEmbed(addr string, certData, keyData []byte) e
 func (s *Server) ServeTLS(ln net.Listener, certFile, keyFile string) error {
 s.mu.Lock()
 s.configTLS()
- config := s.TLSConfig.Clone()
- configHasCert := len(config.Certificates) > 0 || config.GetCertificate != nil
+ configHasCert := len(s.TLSConfig.Certificates) > 0 || s.TLSConfig.GetCertificate != nil
 if !configHasCert || certFile != "" || keyFile != "" {
 if err := s.AppendCert(certFile, keyFile); err != nil {
 s.mu.Unlock()
@@ -1707,8 +1706,7 @@ func (s *Server) ServeTLS(ln net.Listener, certFile, keyFile string) error {
 func (s *Server) ServeTLSEmbed(ln net.Listener, certData, keyData []byte) error {
 s.mu.Lock()
 s.configTLS()
- config := s.TLSConfig.Clone()
- configHasCert := len(config.Certificates) > 0 || config.GetCertificate != nil
+ configHasCert := len(s.TLSConfig.Certificates) > 0 || s.TLSConfig.GetCertificate != nil
 if !configHasCert || len(certData) != 0 || len(keyData) != 0 {
 if err := s.AppendCertEmbed(certData, keyData); err != nil {
 s.mu.Unlock()
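Review bot: The `configHasCert` branch in the ServeTLS hunk of [PATCH 5/5] carries no comment saying when the file pair is loaded, and the function's doc comment lies outside this hunk, so it cannot be checked against the new rule here. Suggest a line above the condition such as `// Load certFile/keyFile only if given, or if TLSConfig has neither Certificates nor GetCertificate; the pair is appended to TLSConfig.Certificates, it does not replace them.` This matters to operators because a certificate passed as an argument next to an already populated `TLSConfig` becomes one candidate among several, and which one a client receives is then decided by crypto/tls selection rather than by the arguments. The same comment fits the ServeTLSEmbed hunk; both function bodies continue outside their hunks.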
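Review bot: Nothing exercises the certificate-source decision that the ServeTLSEmbed hunk settles on; every diffstat in the series lists only server.go. A test that serves with a `TLSConfig` holding only `GetCertificate` and empty `certData`/`keyData`, plus one with no certificate source at all that expects an error (presumably `errNoCertOrKeyProvided`, which the removed code compared against), would pin the behaviour for both ServeTLS and ServeTLSEmbed. The function body continues outside the hunk.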