mirror of
https://github.com/rancher/dynamiclistener.git
synced 2025-08-14 19:43:02 +00:00
Marking additional connections as ready
Most connections were not marked as ready despite having retrieved a valid cert. This change makes all connections which succesfully retrieved a cert get marked as ready
This commit is contained in:
parent
401fafb7e6
commit
e73d5f2fca
17
listener.go
17
listener.go
@ -345,8 +345,20 @@ func (l *listener) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate,
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
return l.loadCert(newConn)
|
||||
connCert, err := l.loadCert(newConn)
|
||||
if connCert != nil && err == nil && newConn != nil && l.conns != nil {
|
||||
// if we were successfully able to load a cert and are closing connections on cert changes, mark newConn ready
|
||||
// this will allow us to close the connection if a future connection forces the cert to re-load
|
||||
wrapper, ok := newConn.(*closeWrapper)
|
||||
if !ok {
|
||||
logrus.Debugf("will not mark non-close wrapper connection from %s to %s as ready", newConn.RemoteAddr(), newConn.LocalAddr())
|
||||
return connCert, err
|
||||
}
|
||||
l.connLock.Lock()
|
||||
l.conns[wrapper.id].ready = true
|
||||
l.connLock.Unlock()
|
||||
}
|
||||
return connCert, err
|
||||
}
|
||||
|
||||
func (l *listener) updateCert(cn ...string) error {
|
||||
@ -433,7 +445,6 @@ func (l *listener) loadCert(currentConn net.Conn) (*tls.Certificate, error) {
|
||||
}
|
||||
_ = conn.close()
|
||||
}
|
||||
l.conns[currentConn.(*closeWrapper).id].ready = true
|
||||
l.connLock.Unlock()
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user