Fix a couple of race conditions in the renewal of certificates.

Mariano Cano 2020-01-24 12:26:27 -08:00 committed by max furman
parent df60fe3f0d
commit 3d6a18180e
2 changed files with 3 additions and 1 deletions


@ -40,7 +40,7 @@ func (c *mutableTLSConfig) Init(base *tls.Config) {
// tls.Config GetConfigForClient. // tls.Config GetConfigForClient.
func (c *mutableTLSConfig) TLSConfig() (config *tls.Config) { func (c *mutableTLSConfig) TLSConfig() (config *tls.Config) {
c.RLock() c.RLock()
config = c.config config = c.config.Clone()
c.RUnlock() c.RUnlock()
return return
} }
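Review bot: The doc comment above TLSConfig() should state that the method now returns a copy, and that tls.Config.Clone() is only a shallow clone. Reference-typed fields such as Certificates, ClientCAs and RootCAs in the returned config still point at the data held by c.config, so a caller that mutates them after c.RUnlock() bypasses the RWMutex and reintroduces the kind of race this commit is closing. I would add `// The returned config is a shallow clone: callers may set scalar fields, but must treat its slices, maps and cert pools as read-only.` The comment block starts above the hunk, so only its last line is visible here.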


@ -80,7 +80,9 @@ func NewTLSRenewer(cert *tls.Certificate, fn RenewFunc, opts ...tlsRenewerOption
func (r *TLSRenewer) Run() { func (r *TLSRenewer) Run() {
cert := r.getCertificate() cert := r.getCertificate()
next := r.nextRenewDuration(cert.Leaf.NotAfter) next := r.nextRenewDuration(cert.Leaf.NotAfter)
r.Lock()
r.timer = time.AfterFunc(next, r.renewCertificate) r.timer = time.AfterFunc(next, r.renewCertificate)
r.Unlock()
} }
// RunContext starts the certificate renewer for the given certificate. // RunContext starts the certificate renewer for the given certificate.
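Review bot: The new r.Lock()/r.Unlock() pair in Run() guards only the assignment to r.timer, so a second call to Run() still replaces the timer without stopping the previous one and leaves two renewCertificate callbacks scheduled. Inside the locked region I would stop any existing timer first: `if r.timer != nil { r.timer.Stop() }`. The lock also only helps if every other reader and writer of r.timer takes the same lock; renewCertificate and whatever stops the renewer are not visible in this hunk, so that is worth confirming. cert.Leaf is dereferenced before the lock with no nil check, which presumably relies on NewTLSRenewer having populated Leaf.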