Close key manager for safe reloads when a cgo module is used.

2021-02-01 17:14:44 -08:00 · 2021-02-01 17:14:44 -08:00 · fbd2208044
commit fbd2208044
parent 97c8cd10cd
3 changed files with 24 additions and 1 deletions
--- a/authority/authority.go
+++ b/authority/authority.go
@ -382,3 +382,10 @@ func (a *Authority) Shutdown() error {
 	}
 	return a.db.Shutdown()
 }
 // CloseForReload closes internal services, to allow a safe reload.
 func (a *Authority) CloseForReload() {
 	if err := a.keyManager.Close(); err != nil {
 		log.Printf("error closing the key manager: %v", err)
 	}
 }
--- a/authority/authority_test.go
+++ b/authority/authority_test.go
@ -306,3 +306,17 @@ func TestNewEmbedded_GetTLSCertificate(t *testing.T) {
 	assert.True(t, cert.Leaf.IPAddresses[0].Equal(net.ParseIP("127.0.0.1")))
 	assert.True(t, cert.Leaf.IPAddresses[1].Equal(net.ParseIP("::1")))
 }
 func TestAuthority_CloseForReload(t *testing.T) {
 	tests := []struct {
 		name string
 		auth *Authority
 	}{
 		{"ok", testAuthority(t)},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			tt.auth.CloseForReload()
 		})
 	}
 }
--- a/ca/ca.go
+++ b/ca/ca.go
@ -227,9 +227,11 @@ func (ca *CA) Reload() error {
 	}
 	// 1. Stop previous renewer
-	// 2. Replace ca properties
+	// 2. Close key manager
 	// 3. Replace ca properties
 	// Do not replace ca.srv
 	ca.renewer.Stop()
 	ca.auth.CloseForReload()
 	ca.auth = newCA.auth
 	ca.config = newCA.config
 	ca.opts = newCA.opts