From 1d0a28c66a31277e1d4cfa4312f5411bae912c3c Mon Sep 17 00:00:00 2001
From: Pankaj Garg
Date: Thu, 12 Jan 2023 10:05:56 -0800
Subject: [PATCH] Restrict QUIC to use single self signed client cert (#29681)
---
 streamer/src/tls_certificates.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/streamer/src/tls_certificates.rs b/streamer/src/tls_certificates.rs
index 27d3365c88..9e6bf35bc7 100644
--- a/streamer/src/tls_certificates.rs
+++ b/streamer/src/tls_certificates.rs
@@ -57,7 +57,8 @@ pub fn new_self_signed_tls_certificate_chain(
 }

 pub fn get_pubkey_from_tls_certificate(certificates: &[rustls::Certificate]) -> Option {
- certificates.first().and_then(|der_cert| {
+ if certificates.len() == 1 {
+ let der_cert = &certificates[0];
 X509Certificate::from_der(der_cert.as_ref())
 .ok()
 .and_then(|(_, cert)| {
@@ -66,7 +67,9 @@ pub fn get_pubkey_from_tls_certificate(certificates: &[rustls::Certificate]) ->
 _ => None,
 })
 })
- })
+ } else {
+ None
+ }
 }

 #[cfg(test)]
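Review bot: The new exactly-one-certificate rule in `get_pubkey_from_tls_certificate` is a security-relevant invariant that is neither documented nor tested here: the diffstat shows only these 5 insertions and 2 deletions, so the test module that follows the second hunk gains no case for an empty or multi-certificate chain. A doc comment such as `/// Returns the pubkey only when the peer presented exactly one certificate; empty or longer chains yield None.` would keep a later refactor from quietly going back to `certificates.first()`. The length check plus `&certificates[0]` in the first hunk, and the `else { None }` arm in the second, could be folded into a slice pattern, `let [der_cert] = certificates else { return None; };` (Rust 1.65+, otherwise a `match` with a `[der_cert]` arm), which states the invariant in one place and drops the index. Callers still cannot tell a rejected chain from a parse failure since both return `None`, so a log line or counter at the call site (not visible here) would help when diagnosing rejected QUIC peers. The middle of the function lies between the two hunks and is not shown.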