Close key manager for safe reloads when a cgo module is used.
parent
97c8cd10cd
commit
fbd2208044
3 changed files with 24 additions and 1 deletions
|
@ -382,3 +382,10 @@ func (a *Authority) Shutdown() error {
|
|||
}
|
||||
return a.db.Shutdown()
|
||||
}
|
||||
|
||||
// CloseForReload closes internal services, to allow a safe reload.
|
||||
func (a *Authority) CloseForReload() {
|
||||
if err := a.keyManager.Close(); err != nil {
|
||||
log.Printf("error closing the key manager: %v", err)
|
||||
}
|
||||
}
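Review bot: CloseForReload logs the error from `a.keyManager.Close()` and returns nothing, so the caller cannot tell that the old key manager's handle was left open. With a key manager backed by a cgo module, a session to key material could then outlive the reload with only a log line as evidence. Consider returning the error, or at least stating the contract in the doc comment, for example `// CloseForReload closes the key manager so a replacement Authority can take over; the receiver must not be used for signing afterwards, and a Close error is logged, not returned.` The method also dereferences `a.keyManager` without a nil check, which is worth confirming against how Authority values are constructed outside this hunk.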
|
||||
|
|
|
@ -306,3 +306,17 @@ func TestNewEmbedded_GetTLSCertificate(t *testing.T) {
|
|||
assert.True(t, cert.Leaf.IPAddresses[0].Equal(net.ParseIP("127.0.0.1")))
|
||||
assert.True(t, cert.Leaf.IPAddresses[1].Equal(net.ParseIP("::1")))
|
||||
}
|
||||
|
||||
func TestAuthority_CloseForReload(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
auth *Authority
|
||||
}{
|
||||
{"ok", testAuthority(t)},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
tt.auth.CloseForReload()
|
||||
})
|
||||
}
|
||||
}
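Review bot: TestAuthority_CloseForReload contains no assertion, so it passes whenever the call does not panic and would still pass if CloseForReload stopped closing the key manager. Assuming the test lives in the same package as Authority, it could place a stub key manager on `tt.auth` that records the Close call and assert that it was invoked. A second table entry whose stub returns an error from Close would pin the log-and-continue behaviour that the new method relies on.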
|
||||
|
|
4
ca/ca.go
4
ca/ca.go
|
@ -227,9 +227,11 @@ func (ca *CA) Reload() error {
|
|||
}
|
||||
|
||||
// 1. Stop previous renewer
|
||||
// 2. Replace ca properties
|
||||
// 2. Close key manager
|
||||
// 3. Replace ca properties
|
||||
// Do not replace ca.srv
|
||||
ca.renewer.Stop()
|
||||
ca.auth.CloseForReload()
|
||||
ca.auth = newCA.auth
|
||||
ca.config = newCA.config
|
||||
ca.opts = newCA.opts
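Review bot: `ca.auth.CloseForReload()` runs before `ca.auth = newCA.auth`, so between those two statements `ca.auth` still points at an authority whose key manager is already closed. The comment `// Do not replace ca.srv` suggests the server keeps running during a reload; if handlers reach the authority through `ca.auth` or hold the old pointer, a signing request in that window would hit the closed key manager, and the hunk shows no lock around the swap. If the cgo module permits it, swapping first narrows the window: `old := ca.auth`, `ca.auth = newCA.auth`, `old.CloseForReload()`. Reload starts and ends outside the hunk, so any synchronization elsewhere in the function is not visible here.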
|
||||
|
|