Fix a couple of race conditions in the renewal of certificates.

This commit is contained in:
Mariano Cano 2020-01-24 12:26:27 -08:00 committed by max furman
parent 99e5bf4782
commit f21f07689e
2 changed files with 3 additions and 1 deletions

View file

@ -40,7 +40,7 @@ func (c *mutableTLSConfig) Init(base *tls.Config) {
// tls.Config GetConfigForClient.
func (c *mutableTLSConfig) TLSConfig() (config *tls.Config) {
c.RLock()
config = c.config
config = c.config.Clone()
c.RUnlock()
return
}

View file

@ -80,7 +80,9 @@ func NewTLSRenewer(cert *tls.Certificate, fn RenewFunc, opts ...tlsRenewerOption
func (r *TLSRenewer) Run() {
cert := r.getCertificate()
next := r.nextRenewDuration(cert.Leaf.NotAfter)
r.Lock()
r.timer = time.AfterFunc(next, r.renewCertificate)
r.Unlock()
}
// RunContext starts the certificate renewer for the given certificate.