mirror of
https://git.sr.ht/~emersion/tlstunnel
synced 2024-11-19 15:53:50 +01:00
Evict unused unmanaged certs from cache on reload
This commit is contained in:
parent
bbdaec6b98
commit
37aeff9b6d
17
server.go
17
server.go
@ -48,6 +48,7 @@ type Server struct {
|
|||||||
|
|
||||||
acmeCache *acmeCache
|
acmeCache *acmeCache
|
||||||
cancelACME context.CancelFunc
|
cancelACME context.CancelFunc
|
||||||
|
unmanagedHashes []string
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewServer() *Server {
|
func NewServer() *Server {
|
||||||
@ -92,10 +93,11 @@ func (srv *Server) startACME() error {
|
|||||||
srv.acmeCache.config.Store(srv.ACMEConfig)
|
srv.acmeCache.config.Store(srv.ACMEConfig)
|
||||||
|
|
||||||
for _, cert := range srv.UnmanagedCerts {
|
for _, cert := range srv.UnmanagedCerts {
|
||||||
_, err := srv.ACMEConfig.CacheUnmanagedTLSCertificate(ctx, cert, nil)
|
hash, err := srv.ACMEConfig.CacheUnmanagedTLSCertificate(ctx, cert, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to cache unmanaged TLS certificate: %v", err)
|
return fmt.Errorf("failed to cache unmanaged TLS certificate: %v", err)
|
||||||
}
|
}
|
||||||
|
srv.unmanagedHashes = append(srv.unmanagedHashes, hash)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := srv.ACMEConfig.ManageAsync(ctx, srv.ManagedNames); err != nil {
|
if err := srv.ACMEConfig.ManageAsync(ctx, srv.ManagedNames); err != nil {
|
||||||
@ -183,7 +185,18 @@ func (srv *Server) Replace(old *Server) error {
|
|||||||
}
|
}
|
||||||
srv.acmeCache.cache.RemoveManaged(removeManaged)
|
srv.acmeCache.cache.RemoveManaged(removeManaged)
|
||||||
|
|
||||||
// TODO: evict unused unmanaged certs from the cache
|
// Cleanup unmanaged certs which are no longer used
|
||||||
|
unmanaged := make(map[string]struct{}, len(srv.unmanagedHashes))
|
||||||
|
for _, hash := range srv.unmanagedHashes {
|
||||||
|
unmanaged[hash] = struct{}{}
|
||||||
|
}
|
||||||
|
removeUnmanaged := make([]string, 0, len(old.unmanagedHashes))
|
||||||
|
for _, hash := range old.unmanagedHashes {
|
||||||
|
if _, ok := unmanaged[hash]; !ok {
|
||||||
|
removeUnmanaged = append(removeUnmanaged, hash)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
srv.acmeCache.cache.Remove(removeUnmanaged)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user