mirror of
https://github.com/1f349/violet.git
synced 2024-11-24 04:11:32 +00:00
Try to reload certificates every 2 hours
parent
822c7b570a
commit
f8dde8eebe
@ -27,6 +27,8 @@ type Certs struct {
|
|||||||
ca *certgen.CertGen
|
ca *certgen.CertGen
|
||||||
sn atomic.Int64
|
sn atomic.Int64
|
||||||
r *rescheduler.Rescheduler
|
r *rescheduler.Rescheduler
|
||||||
|
t *time.Ticker
|
||||||
|
ts chan struct{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// New creates a new cert list
|
// New creates a new cert list
|
||||||
@ -37,15 +39,26 @@ func New(certDir fs.FS, keyDir fs.FS, selfCert bool) *Certs {
|
|||||||
ss: selfCert,
|
ss: selfCert,
|
||||||
s: &sync.RWMutex{},
|
s: &sync.RWMutex{},
|
||||||
m: make(map[string]*tls.Certificate),
|
m: make(map[string]*tls.Certificate),
|
||||||
|
ts: make(chan struct{}, 1),
|
||||||
}
|
}
|
||||||
|
|
||||||
// the rescheduler isn't even used in self cert mode so why initialise it
|
|
||||||
if !selfCert {
|
if !selfCert {
|
||||||
|
// the rescheduler isn't even used in self cert mode so why initialise it
|
||||||
c.r = rescheduler.NewRescheduler(c.threadCompile)
|
c.r = rescheduler.NewRescheduler(c.threadCompile)
|
||||||
}
|
|
||||||
|
|
||||||
// in self-signed mode generate a CA certificate to sign other certificates
|
c.t = time.NewTicker(2 * time.Hour)
|
||||||
if c.ss {
|
go func() {
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case <-c.t.C:
|
||||||
|
c.Compile()
|
||||||
|
case <-c.ts:
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
} else {
|
||||||
|
// in self-signed mode generate a CA certificate to sign other certificates
|
||||||
ca, err := certgen.MakeCaTls(4096, pkix.Name{
|
ca, err := certgen.MakeCaTls(4096, pkix.Name{
|
||||||
Country: []string{"GB"},
|
Country: []string{"GB"},
|
||||||
Organization: []string{"Violet"},
|
Organization: []string{"Violet"},
|
||||||
@ -118,6 +131,13 @@ func (c *Certs) Compile() {
|
|||||||
c.r.Run()
|
c.r.Run()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Certs) Stop() {
|
||||||
|
if c.t != nil {
|
||||||
|
c.t.Stop()
|
||||||
|
}
|
||||||
|
close(c.ts)
|
||||||
|
}
|
||||||
|
|
||||||
func (c *Certs) threadCompile() {
|
func (c *Certs) threadCompile() {
|
||||||
// new map
|
// new map
|
||||||
certMap := make(map[string]*tls.Certificate)
|
certMap := make(map[string]*tls.Certificate)
|
||||||
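Review bot: `Stop()` closes `c.ts` unconditionally, so a second call panics on a closed channel. Because the shutdown callback in `normalLoad` calls `allowedCerts.Stop()` before `ws.Shutdown()`, that panic would skip the rest of the teardown. A `sync.Once` makes it idempotent: add a `stopOnce sync.Once` field to `Certs` and use `c.stopOnce.Do(func() { close(c.ts) })`; the file already uses `sync` for the `RWMutex`. The channel is only ever closed in the lines shown, so the buffer in `make(chan struct{}, 1)` appears unnecessary. The exported method also needs a doc comment, for example `// Stop halts the periodic certificate reload; it is a no-op for the ticker in self-signed mode, where none is created.`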
|
@ -183,6 +183,9 @@ func normalLoad(startUp startUpConfig, wd string) {
|
|||||||
exit_reload.ExitReload("Violet", func() {
|
exit_reload.ExitReload("Violet", func() {
|
||||||
allCompilables.Compile()
|
allCompilables.Compile()
|
||||||
}, func() {
|
}, func() {
|
||||||
|
// stop updating certificates
|
||||||
|
allowedCerts.Stop()
|
||||||
|
|
||||||
// close websockets first
|
// close websockets first
|
||||||
ws.Shutdown()
|
ws.Shutdown()
|
||||||
|
|
||||||
|