
🐛 ClientHelloInfo not populated #2568

Open
@own2pwn

Description

@own2pwn

Bug Description

ClientHelloInfo will not be populated when using the ListenTLSWithCertificate method. This is because the tls.Config sets the GetCertificate callback while also providing non-nil Certificates, and, as the documentation states, GetCertificate is only called if the client provides SNI or if the Certificates field is empty.

How to Reproduce

// Minimal repro: the handler reports whether the TLS ClientHelloInfo is
// available on the request context.
app := fiber.New()
app.Get("/hello", func(c *fiber.Ctx) error {
    return c.JSON(fiber.Map{"has_hello": c.ClientHelloInfo() != nil})
})
// Serves with cert.pem/key.pem (the full snippet below shows how they are
// generated). NOTE(review): this looks like a zerolog-style chained call;
// without a terminating .Msg()/.Send() the event may never be written — confirm.
log.Fatal().Err(app.ListenTLS(":1337", "cert.pem", "key.pem"))

Expected Behavior

A GetConfigForClient callback that returns nil, nil could be used instead of GetCertificate.

Fiber Version

v2.46.0, v2.48.0

Code Snippet (optional)

package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"github.com/gofiber/fiber/v2"
	"math/big"
	"net"
	"os"
	"time"
)

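// generateCerts writes a self-signed RSA certificate and key for 127.0.0.1
// to cert.pem and key.pem in the working directory, which the repro's
// ListenTLS call expects. Every step is checked: the original ignored all
// errors, so a failed key generation or an unwritable directory left the
// server starting against missing or truncated files. On failure the error
// is written to stderr and the process exits non-zero.
func generateCerts() {
	if _, err := writeSelfSignedPair("cert.pem", "key.pem", 2048); err != nil {
		os.Stderr.WriteString("generating certs: " + err.Error() + "\n")
		os.Exit(1)
	}
}

// writeSelfSignedPair generates an RSA key of the given bit size, issues a
// one-year self-signed certificate for 127.0.0.1 with it, and writes the
// certificate to certPath and the PKCS#1 key to keyPath (mode 0600).
// It returns the certificate that was written, parsed, so callers can
// inspect it, or the first error from key generation, certificate
// creation, or file I/O.
func writeSelfSignedPair(certPath, keyPath string, bits int) (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}

	// A single time.Now() keeps NotBefore/NotAfter exactly one year apart.
	now := time.Now()
	template := x509.Certificate{
		// A fixed serial is acceptable for a throwaway self-signed cert.
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{Organization: []string{"ACME"}},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
		NotBefore:    now,
		NotAfter:     now.Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		// IsCA is only encoded when BasicConstraintsValid is set; without it
		// the IsCA flag was silently dropped from the DER.
		BasicConstraintsValid: true,
		IsCA:                  true,
	}

	der, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}

	// The certificate is public; world-readable is fine.
	if err := writePEM(certPath, 0o644, &pem.Block{Type: "CERTIFICATE", Bytes: der}); err != nil {
		return nil, err
	}
	// The private key is owner-only; O_TRUNC discards any stale key.
	keyBlock := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}
	if err := writePEM(keyPath, 0o600, keyBlock); err != nil {
		return nil, err
	}
	return cert, nil
}

// writePEM creates or truncates path with the given mode, writes one PEM
// block to it, and returns the first error from open, encode, or close.
func writePEM(path string, mode os.FileMode, block *pem.Block) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, mode)
	if err != nil {
		return err
	}
	if err := pem.Encode(f, block); err != nil {
		// Close error is secondary to the encode failure being reported.
		f.Close()
		return err
	}
	return f.Close()
}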

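// main writes a throwaway certificate pair, then serves /hello over TLS.
// The handler reports whether Fiber exposed the TLS ClientHelloInfo for the
// connection, which is the behavior this issue is about.
func main() {
	generateCerts()

	app := fiber.New()
	app.Get("/hello", func(c *fiber.Ctx) error {
		return c.JSON(fiber.Map{"has_hello": c.ClientHelloInfo() != nil})
	})

	// The builtin println prints an interface value as two raw words rather
	// than the error text, so the original output was unreadable; write the
	// message and exit non-zero instead.
	if err := app.ListenTLS(":1337", "cert.pem", "key.pem"); err != nil {
		os.Stderr.WriteString(err.Error() + "\n")
		os.Exit(1)
	}
}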

Checklist:

  • I agree to follow Fiber's Code of Conduct.
  • I have checked for existing issues that describe my problem prior to opening this one.
  • I understand that improperly formatted bug reports may be closed without explanation.
