From fb66484384a815e6d469cb834ae9b27582e5d551 Mon Sep 17 00:00:00 2001
From: Colleen Murphy <colleen.murphy@suse.com>
Date: Fri, 29 Oct 2021 11:03:02 -0700
Subject: [PATCH] Fix net.Conn type assertion

Don't assert that all connections are wrapped, as they won't be if
the CloseConnOnCertChange setting is false. Only run the assertion
within a conditional for wrapped connections, where it is safe. This
prevents a panic from happening when CloseConnOnCertChange is not used.
---
 listener.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/listener.go b/listener.go
index 7ba32fb..1d3e2fd 100644
--- a/listener.go
+++ b/listener.go
@@ -299,7 +299,7 @@ func (l *listener) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate,
 		}
 	}
 
-	return l.loadCert(newConn.(*closeWrapper))
+	return l.loadCert(newConn)
 }
 
 func (l *listener) updateCert(cn ...string) error {
@@ -341,7 +341,7 @@ func (l *listener) updateCert(cn ...string) error {
 	return nil
 }
 
-func (l *listener) loadCert(currentConn *closeWrapper) (*tls.Certificate, error) {
+func (l *listener) loadCert(currentConn net.Conn) (*tls.Certificate, error) {
 	l.RLock()
 	defer l.RUnlock()
 
@@ -381,7 +381,7 @@ func (l *listener) loadCert(currentConn *closeWrapper) (*tls.Certificate, error)
 			}
 			_ = conn.close()
 		}
-		l.conns[currentConn.id].ready = true
+		l.conns[currentConn.(*closeWrapper).id].ready = true
 		l.connLock.Unlock()
 	}