Removes wait loop for listener certs.

2025-06-25 22:31:36 +00:00 · 2022-07-28 12:40:33 -04:00 · 2022-07-28 12:40:33 -04:00 · 4c1ac9bd4b
commit 4c1ac9bd4b
parent 2b62d5cc69
1 changed files with 13 additions and 3 deletions
--- a/listener.go
+++ b/listener.go
@ -58,6 +58,7 @@ func NewListener(l net.Listener, storage TLSStorage, caCert *x509.Certificate, c
 			ExpirationDaysCheck: config.ExpirationDaysCheck,
 		},
 		Listener:  l,
+		certReady: make(chan struct{}),
 		storage:   &nonNil{storage: storage},
 		sans:      config.SANs,
 		maxSANs:   config.MaxSANs,
@ -154,6 +155,7 @@ type listener struct {
 	version   string
 	tlsConfig *tls.Config
 	cert      *tls.Certificate
+	certReady chan struct{}
 	sans      []string
 	maxSANs   int
 	init      sync.Once
@ -162,9 +164,12 @@ type listener struct {
 func (l *listener) WrapExpiration(days int) net.Listener {
 	ctx, cancel := context.WithCancel(context.Background())
 	go func() {
-		// loop on short sleeps until certificate preload completes
-		for l.cert == nil {
-			time.Sleep(time.Millisecond)
+
+		// wait for cert to be set, this will unblock when the channel is closed
+		select {
+		case <-ctx.Done():
+			return
+		case <-l.certReady:
 		}

 		for {
@ -448,7 +453,12 @@ func (l *listener) loadCert(currentConn net.Conn) (*tls.Certificate, error) {
 		l.connLock.Unlock()
 	}

+	// we can only close the ready channel once when the cert is first assigned
+	canClose := l.cert == nil
 	l.cert = &cert
+	if canClose {
+		close(l.certReady)
+	}
 	l.version = secret.ResourceVersion
 	return l.cert, nil
 }