Try to reload certificates every 2 hours

This commit is contained in:
Melon 2024-01-14 14:00:54 +00:00
parent 822c7b570a
commit f8dde8eebe
Signed by: melon
GPG Key ID: 6C9D970C50D26A25
2 changed files with 27 additions and 4 deletions


@ -27,6 +27,8 @@ type Certs struct {
ca *certgen.CertGen ca *certgen.CertGen
sn atomic.Int64 sn atomic.Int64
r *rescheduler.Rescheduler r *rescheduler.Rescheduler
t *time.Ticker
ts chan struct{}
} }
// New creates a new cert list // New creates a new cert list
@ -37,15 +39,26 @@ func New(certDir fs.FS, keyDir fs.FS, selfCert bool) *Certs {
ss: selfCert, ss: selfCert,
s: &sync.RWMutex{}, s: &sync.RWMutex{},
m: make(map[string]*tls.Certificate), m: make(map[string]*tls.Certificate),
ts: make(chan struct{}, 1),
} }
// the rescheduler isn't even used in self cert mode so why initialise it
if !selfCert { if !selfCert {
// the rescheduler isn't even used in self cert mode so why initialise it
c.r = rescheduler.NewRescheduler(c.threadCompile) c.r = rescheduler.NewRescheduler(c.threadCompile)
}
// in self-signed mode generate a CA certificate to sign other certificates c.t = time.NewTicker(2 * time.Hour)
if c.ss { go func() {
for {
select {
case <-c.t.C:
c.Compile()
case <-c.ts:
return
}
}
}()
} else {
// in self-signed mode generate a CA certificate to sign other certificates
ca, err := certgen.MakeCaTls(4096, pkix.Name{ ca, err := certgen.MakeCaTls(4096, pkix.Name{
Country: []string{"GB"}, Country: []string{"GB"},
Organization: []string{"Violet"}, Organization: []string{"Violet"},
@ -118,6 +131,13 @@ func (c *Certs) Compile() {
c.r.Run() c.r.Run()
} }
func (c *Certs) Stop() {
if c.t != nil {
c.t.Stop()
}
close(c.ts)
}
func (c *Certs) threadCompile() { func (c *Certs) threadCompile() {
// new map // new map
certMap := make(map[string]*tls.Certificate) certMap := make(map[string]*tls.Certificate)
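Review bot: `close(c.ts)` in the new Stop method panics if Stop is ever called a second time, and nothing in the hunk guards against that; wrapping it as `c.stopOnce.Do(func() { close(c.ts) })` with a `stopOnce sync.Once` field on Certs makes Stop idempotent. The buffer of 1 given to `ts` in New (earlier hunk) appears unused, since no send to the channel is visible in this commit and the goroutine only observes its close, so `make(chan struct{})` would do. Stop also returns without waiting for the reload goroutine, so a `c.Compile()` started by the ticker may still be running while the rest of shutdown proceeds; if that matters, have the goroutine signal completion on a second channel or a WaitGroup that Stop waits on. In self-signed mode the goroutine is never started and `c.t` stays nil, which the nil check already handles.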


@ -183,6 +183,9 @@ func normalLoad(startUp startUpConfig, wd string) {
exit_reload.ExitReload("Violet", func() { exit_reload.ExitReload("Violet", func() {
allCompilables.Compile() allCompilables.Compile()
}, func() { }, func() {
// stop updating certificates
allowedCerts.Stop()
// close websockets first // close websockets first
ws.Shutdown() ws.Shutdown()