Allow to customize the minimal cert duration for tests.

This commit is contained in:
Mariano Cano 2019-01-09 17:24:11 -08:00
parent 10aaece1b0
commit 25ddbaedff

View file

@ -14,6 +14,8 @@ import (
// certificate. // certificate.
type RenewFunc func() (*tls.Certificate, error) type RenewFunc func() (*tls.Certificate, error)
var minCertDuration = time.Minute
// TLSRenewer automatically renews a tls certificate using a RenewFunc. // TLSRenewer automatically renews a tls certificate using a RenewFunc.
type TLSRenewer struct { type TLSRenewer struct {
sync.RWMutex sync.RWMutex
@ -58,8 +60,8 @@ func NewTLSRenewer(cert *tls.Certificate, fn RenewFunc, opts ...tlsRenewerOption
} }
period := cert.Leaf.NotAfter.Sub(cert.Leaf.NotBefore) period := cert.Leaf.NotAfter.Sub(cert.Leaf.NotBefore)
if period < time.Minute { if period < minCertDuration {
return nil, errors.Errorf("period must be greater than or equal to 1 Minute, but got %v.", period) return nil, errors.Errorf("period must be greater than or equal to %s, but got %v.", minCertDuration, period)
} }
// By default we will try to renew the cert before 2/3 of the validity // By default we will try to renew the cert before 2/3 of the validity
// period have expired. // period have expired.