mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-13 22:51:08 -05:00
tls: Evict existing certificates from cache when loading ones from disk
This commit is contained in:
parent
79072828a5
commit
654f26cb91
1 changed files with 14 additions and 2 deletions
|
@ -128,8 +128,10 @@ func (cfg *Config) CacheManagedCertificate(domain string) (Certificate, error) {
|
||||||
|
|
||||||
// cacheUnmanagedCertificatePEMFile loads a certificate for host using certFile
|
// cacheUnmanagedCertificatePEMFile loads a certificate for host using certFile
|
||||||
// and keyFile, which must be in PEM format. It stores the certificate in
|
// and keyFile, which must be in PEM format. It stores the certificate in
|
||||||
// memory. The Managed and OnDemand flags of the certificate will be set to
|
// memory after evicting any other entries in the cache keyed by the names
|
||||||
// false.
|
// on this certificate. In other words, it replaces existing certificates keyed
|
||||||
|
// by the names on this certificate. The Managed and OnDemand flags of the
|
||||||
|
// certificate will be set to false.
|
||||||
//
|
//
|
||||||
// This function is safe for concurrent use.
|
// This function is safe for concurrent use.
|
||||||
func cacheUnmanagedCertificatePEMFile(certFile, keyFile string) error {
|
func cacheUnmanagedCertificatePEMFile(certFile, keyFile string) error {
|
||||||
|
@ -137,6 +139,16 @@ func cacheUnmanagedCertificatePEMFile(certFile, keyFile string) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// since this is manually managed, this call might be part of a reload after
|
||||||
|
// the owner renewed a certificate; so clear cache of any previous cert first,
|
||||||
|
// otherwise the renewed certificate may never be loaded
|
||||||
|
certCacheMu.Lock()
|
||||||
|
for _, name := range cert.Names {
|
||||||
|
delete(certCache, name)
|
||||||
|
}
|
||||||
|
certCacheMu.Unlock()
|
||||||
|
|
||||||
cacheCertificate(cert)
|
cacheCertificate(cert)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue