diff options
author | Matt Holt <mholt@users.noreply.github.com> | 2023-07-11 13:10:58 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-11 19:10:58 +0000 |
commit | 0e2c7e1d35b287fc0e56d6db2951f791e09b5a37 (patch) | |
tree | 3669f5d01fa351bda933d3796c50a72da9942a01 /modules/caddyhttp | |
parent | 7ceef91295343237f5b81ed00e3ba7e8e594d603 (diff) |
caddytls: Reuse certificate cache through reloads (#5623)
* caddytls: Don't purge cert cache on config reload
* Update CertMagic
This actually avoids reloading managed certs from storage
when already in the cache, d'oh.
* Fix bug; re-implement HasCertificateForSubject
* Update go.mod: CertMagic tag
Diffstat (limited to 'modules/caddyhttp')
-rw-r--r-- | modules/caddyhttp/autohttps.go | 3 | ||||
-rw-r--r-- | modules/caddyhttp/reverseproxy/httptransport.go | 2 |
2 files changed, 2 insertions, 3 deletions
diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index 4ade3c5..39ec135 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -196,8 +196,7 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er // if a certificate for this name is already loaded, // don't obtain another one for it, unless we are // supposed to ignore loaded certificates - if !srv.AutoHTTPS.IgnoreLoadedCerts && - len(app.tlsApp.AllMatchingCertificates(d)) > 0 { + if !srv.AutoHTTPS.IgnoreLoadedCerts && app.tlsApp.HasCertificateForSubject(d) { logger.Info("skipping automatic certificate management because one or more matching certificates are already loaded", zap.String("domain", d), zap.String("server_name", srvName), diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 1135862..8334f25 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -525,7 +525,7 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { return nil, fmt.Errorf("managing client certificate: %v", err) } cfg.GetClientCertificate = func(cri *tls.CertificateRequestInfo) (*tls.Certificate, error) { - certs := tlsApp.AllMatchingCertificates(t.ClientCertificateAutomate) + certs := caddytls.AllMatchingCertificates(t.ClientCertificateAutomate) var err error for _, cert := range certs { err = cri.SupportsCertificate(&cert.Certificate) |