From 6789988ece948da1ad3188c58ea739136368cc0e Mon Sep 17 00:00:00 2001
From: aubble <anmol@aubble.com>
Date: Thu, 20 Aug 2015 14:31:15 -0400
Subject: [PATCH] crypto/tls: allow tls.Listen when only GetCertificate is
 provided.

Go 1.5 allowed TLS connections where Config.Certificates was nil as long
as the GetCertificate callback was given. However, tls.Listen wasn't
updated accordingly until this change.

Change-Id: I5f67f323f63c988ff79642f3daf8a6b2a153e6b2
Reviewed-on: https://go-review.googlesource.com/13801
Reviewed-by: Adam Langley <agl@golang.org>
---
 tls.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tls.go b/tls.go
index 0b1c377..f6d5bb1 100644
--- a/tls.go
+++ b/tls.go
@@ -67,8 +67,8 @@ func NewListener(inner net.Listener, config *Config) net.Listener {
 // The configuration config must be non-nil and must have
 // at least one certificate.
 func Listen(network, laddr string, config *Config) (net.Listener, error) {
-	if config == nil || len(config.Certificates) == 0 {
-		return nil, errors.New("tls.Listen: no certificates in configuration")
+	if config == nil || (len(config.Certificates) == 0 && config.GetCertificate == nil) {
+		return nil, errors.New("tls: neither Certificates nor GetCertificate set in Config")
 	}
 	l, err := net.Listen(network, laddr)
 	if err != nil {