rancher/dynamiclistener
1
0
Fork 0
forked from github/dynamiclistener
Code Issues Pull Requests Projects Releases Wiki Activity

Raise default ExpirationDaysCheck to 90 and extend into cert factory

Browse Source 
Most of our products actually renew at 90 days, so make that the default.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
This commit is contained in:
Brad Davidson
2022-07-20 12:50:19 -07:00
committed by Brad Davidson
parent fdf983a935
commit 8ebd77f8a4
2 changed files with 20 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
listener.go
View File

@@ -45,14 +45,18 @@ func NewListener(l net.Listener, storage TLSStorage, caCert *x509.Certificate, c
if config.TLSConfig == nil {
config.TLSConfig = &tls.Config{}
}
if config.ExpirationDaysCheck == 0 {
config.ExpirationDaysCheck = 90
}
dynamicListener := &listener{
factory: &factory.TLS{
CACert: caCert,
CAKey: caKey,
CN: config.CN,
Organization: config.Organization,
FilterCN: allowDefaultSANs(config.SANs, config.FilterCN),
CACert: caCert,
CAKey: caKey,
CN: config.CN,
Organization: config.Organization,
FilterCN: allowDefaultSANs(config.SANs, config.FilterCN),
ExpirationDaysCheck: config.ExpirationDaysCheck,
},
Listener: l,
storage: &nonNil{storage: storage},
@@ -82,10 +86,6 @@ func NewListener(l net.Listener, storage TLSStorage, caCert *x509.Certificate, c
}
}
if config.ExpirationDaysCheck == 0 {
config.ExpirationDaysCheck = 30
}
tlsListener := tls.NewListener(dynamicListener.WrapExpiration(config.ExpirationDaysCheck), dynamicListener.tlsConfig)
return tlsListener, dynamicListener.cacheHandler(), nil