From 585361711b73c0e06e0099e600818fef0fdacf36 Mon Sep 17 00:00:00 2001
From: Joseph Hirschfeld
Date: Wed, 12 Dec 2018 14:28:44 -0500
Subject: [PATCH] Return pubkeys which connect to us to caller

---
 crypto.go | 14 +++++++++++---
 transport.go | 3 ++-
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/crypto.go b/crypto.go
index 47dbcbe..af5419e 100644
--- a/crypto.go
+++ b/crypto.go
@@ -11,7 +11,7 @@ import (
 	"github.com/gogo/protobuf/proto"
 	ic "github.com/libp2p/go-libp2p-crypto"
 	pb "github.com/libp2p/go-libp2p-crypto/pb"
-	"github.com/libp2p/go-libp2p-peer"
+	peer "github.com/libp2p/go-libp2p-peer"
 )
 
 const PEER_HOSTNAME = "tls.libp2p"
@@ -32,7 +32,12 @@ func NewIdentity(privKey ic.PrivKey) (*Identity, error) {
 
 // ConfigForPeer creates a new tls.Config that verifies the peers certificate chain.
 // It should be used to create a new tls.Config before dialing.
-func (i *Identity) ConfigForPeer(remote peer.ID) *tls.Config {
+// It also returns a pointer to the remote public key which points to the valid remote public
+// key after the remote connects
+func (i *Identity) ConfigForPeer(remote peer.ID) (*tls.Config, *ic.PubKey) {
+
+	var remotePubKey ic.PubKey = nil
+
 	// We need to check the peer ID in the VerifyPeerCertificate callback.
 	// The tls.Config it is also used for listening, and we might also have concurrent dials.
 	// Clone it so we can check for the specific peer ID we're dialing here.
@@ -55,12 +60,15 @@ func (i *Identity) ConfigForPeer(remote peer.ID) *tls.Config {
 		if !remote.MatchesPublicKey(pubKey) {
 			return errors.New("peer IDs don't match")
 		}
+
+		remotePubKey = pubKey
+
 		return nil
 	}
 	conf.ServerName = PEER_HOSTNAME
-	return conf
+	return conf, &remotePubKey
 }
 
 // KeyFromChain takes a chain of x509.Certificates and returns the peer's public key.
diff --git a/transport.go b/transport.go
index 5a75296..6ab67d3 100644
--- a/transport.go
+++ b/transport.go
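Review bot: The `*ic.PubKey` handed back at `return conf, &remotePubKey` aliases a variable that the VerifyPeerCertificate closure (hunk at -55) writes only on the success path, so the pointed-to value is nil until a handshake on this exact config has passed the peer-ID check, and a second handshake on the same config — the context comment in the -32 hunk notes the config is also used for listening and that dials can be concurrent — overwrites it with no synchronization. If the key is to be exposed this way the doc comment should state that contract, e.g. `// The returned *ic.PubKey is nil until a handshake using the returned config succeeds; a config must not be shared between connections.`; an alternative that avoids the shared mutable variable entirely is for callers to recover the key after the handshake from the connection's peer certificates via KeyFromChain, which the trailing context line documents as returning the peer's public key from a certificate chain. Two smaller points in the -32 hunk: `var remotePubKey ic.PubKey = nil` is already the zero value and reads better as `var remotePubKey ic.PubKey`, and the new doc sentence lacks a terminating period. ConfigForPeer's body continues outside both hunks.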
@@ -48,7 +48,8 @@ func (t *Transport) SecureInbound(ctx context.Context, insecure net.Conn) (cs.Co
 
 // SecureOutbound runs the TLS handshake as a client.
 func (t *Transport) SecureOutbound(ctx context.Context, insecure net.Conn, p peer.ID) (cs.Conn, error) {
-	cl := tls.Client(insecure, t.identity.ConfigForPeer(p))
+	config, _ := t.identity.ConfigForPeer(p)
+	cl := tls.Client(insecure, config)
 	return t.handshake(ctx, insecure, cl)
 }
 
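Review bot: `config, _ := t.identity.ConfigForPeer(p)` discards the public key the new signature exists to return, so on the only call site this diff touches the commit's stated purpose is not realized, and the blank identifier carries no comment explaining why; SecureInbound appears only in the hunk header and is not changed here, so the inbound path does not receive the key either. Either thread the second result through to wherever the secured connection is assembled, or annotate the discard so the next reader knows it is deliberate, e.g. `config, _ := t.identity.ConfigForPeer(p) // TODO: surface the remote key to callers`. Whichever is chosen, the pointer is populated only by the verify callback during the handshake, so it must be read after t.handshake returns without error and never before. SecureOutbound's body lies entirely within the hunk.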