mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-01 00:23:48 +03:00
tls: Evict existing certificates from cache when loading ones from disk
This commit is contained in:
parent
79072828a5
commit
654f26cb91
1 changed files with 14 additions and 2 deletions
|
@ -128,8 +128,10 @@ func (cfg *Config) CacheManagedCertificate(domain string) (Certificate, error) {
|
|||
|
||||
// cacheUnmanagedCertificatePEMFile loads a certificate for host using certFile
|
||||
// and keyFile, which must be in PEM format. It stores the certificate in
|
||||
// memory. The Managed and OnDemand flags of the certificate will be set to
|
||||
// false.
|
||||
// memory after evicting any other entries in the cache keyed by the names
|
||||
// on this certificate. In other words, it replaces existing certificates keyed
|
||||
// by the names on this certificate. The Managed and OnDemand flags of the
|
||||
// certificate will be set to false.
|
||||
//
|
||||
// This function is safe for concurrent use.
|
||||
func cacheUnmanagedCertificatePEMFile(certFile, keyFile string) error {
|
||||
|
@ -137,6 +139,16 @@ func cacheUnmanagedCertificatePEMFile(certFile, keyFile string) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// since this is manually managed, this call might be part of a reload after
|
||||
// the owner renewed a certificate; so clear cache of any previous cert first,
|
||||
// otherwise the renewed certificate may never be loaded
|
||||
certCacheMu.Lock()
|
||||
for _, name := range cert.Names {
|
||||
delete(certCache, name)
|
||||
}
|
||||
certCacheMu.Unlock()
|
||||
|
||||
cacheCertificate(cert)
|
||||
return nil
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue