mirror of https://git.sr.ht/~emersion/tlstunnel synced 2024-11-19 15:53:50 +01:00

Protect acmeCache.config with atomic.Value

GetConfigForCert can be called from multiple goroutines.
Simon Ser 2021-02-18 18:20:47 +01:00
parent 649ef6f327
commit c5d8549b09

@ -20,7 +20,7 @@ import (
const tlsHandshakeTimeout = 20 * time.Second const tlsHandshakeTimeout = 20 * time.Second
type acmeCache struct { type acmeCache struct {
config *certmagic.Config config atomic.Value
cache *certmagic.Cache cache *certmagic.Cache
} }
@ -28,7 +28,7 @@ func newACMECache() *acmeCache {
cache := &acmeCache{} cache := &acmeCache{}
cache.cache = certmagic.NewCache(certmagic.CacheOptions{ cache.cache = certmagic.NewCache(certmagic.CacheOptions{
GetConfigForCert: func(certmagic.Certificate) (*certmagic.Config, error) { GetConfigForCert: func(certmagic.Certificate) (*certmagic.Config, error) {
return cache.config, nil return cache.config.Load().(*certmagic.Config), nil
}, },
}) })
return cache return cache
@ -87,7 +87,7 @@ func (srv *Server) startACME() error {
srv.ACMEConfig.Issuers = []certmagic.Issuer{srv.ACMEManager} srv.ACMEConfig.Issuers = []certmagic.Issuer{srv.ACMEManager}
srv.acmeCache.config = srv.ACMEConfig srv.acmeCache.config.Store(srv.ACMEConfig)
for _, cert := range srv.UnmanagedCerts { for _, cert := range srv.UnmanagedCerts {
if err := srv.ACMEConfig.CacheUnmanagedTLSCertificate(cert, nil); err != nil { if err := srv.ACMEConfig.CacheUnmanagedTLSCertificate(cert, nil); err != nil {
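Review bot: The unchecked assertion `cache.config.Load().(*certmagic.Config)` in the GetConfigForCert closure of newACMECache panics if the callback runs before startACME has called `Store`, because `atomic.Value.Load` returns a nil interface until the first `Store`; the old code returned a nil config in that case instead. Whether certmagic can invoke the callback that early is not visible in these hunks, but a panic in a TLS-terminating process is an availability problem, so the two-value form is the safer choice: `cfg, ok := cache.config.Load().(*certmagic.Config)` followed by `if !ok { return nil, fmt.Errorf("ACME config not initialized") }`. The `config` field would also benefit from a comment stating the invariant, for example `// holds a *certmagic.Config; set once in startACME, read concurrently by GetConfigForCert`, since `atomic.Value` panics on a `Store` of a different concrete type.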