Reload client certificates #59
This allows creating a client with certificate paths instead of a preloaded certificate. When created this way, on reconnection the client will check if the certificate files have been changed on disk and reload them if they have. This allows us to have auto-reloading of refreshed certificates client side.
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## master #59 +/- ##
==========================================
- Coverage 85.17% 84.23% -0.95%
==========================================
Files 34 38 +4
Lines 4831 5582 +751
==========================================
+ Hits 4115 4702 +587
- Misses 716 880 +164
The coverage tool is also counting the example file, which cannot be covered. I could remove the example, but it really helped me verify the change.
let key_changed = key_modified > self.key_modified; | ||
// Refresh if both files were modified, as we want to make sure that we don't pick up a new cert/key with | ||
// an old key/cert. | ||
if cert_changed && key_changed { |
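Review bot: the `cert_changed && key_changed` condition means a renewal that rewrites only the certificate file and keeps the existing private key never triggers a reload, so the client keeps presenting the old certificate. The `>` comparison on modification times also misses a rewrite that lands in the same timestamp tick or restores an older mtime, and two newer mtimes do not show that the new cert and the new key belong together. Consider reloading when either file changes, checking that the loaded key matches the loaded certificate before swapping, and keeping the current identity if that check fails.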
I think it is a good enhancement. But instead of `FileBased`, I would like it to be more generic. I guess `TlsOptions::with_pem_reloader(self, reloader: impl Fn() -> Option<...>) -> Self` should work. Let me take a deep look.
Yeah that could work if we can easily inject some pre-defined reloaders, to include a file based one too. Let me know if I can help with this.
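The file-based reloader discussed in this thread, written as a closure of the `impl Fn() -> Option<...>` shape suggested above. This is an added example, not code from the pull request or the project: `PemPair`, `read_pair` and `file_reloader` are hypothetical names, and it compares file contents instead of the modification times the PR checks. It only checks PEM structure; proving that the key matches the certificate is left to the TLS library.

```rust
use std::{fs, io, path::PathBuf, sync::Mutex};

/// Hypothetical pair type: the return type proposed in the thread is elided there.
#[derive(Clone, PartialEq, Debug)]
pub struct PemPair { pub cert: Vec<u8>, pub key: Vec<u8> }

/// True if `pem` has a "-----BEGIN ...<suffix>" line (structural check only).
fn has_block(pem: &[u8], suffix: &str) -> bool {
    String::from_utf8_lossy(pem)
        .lines()
        .any(|l| l.starts_with("-----BEGIN ") && l.trim_end().ends_with(suffix))
}

fn read_pair(cert: &PathBuf, key: &PathBuf) -> io::Result<PemPair> {
    let pair = PemPair { cert: fs::read(cert)?, key: fs::read(key)? };
    // Re-read the cert: if it changed while the key was being read, a rotation is
    // in progress and the two halves may not belong together.
    let stable = fs::read(cert)? == pair.cert;
    let shaped = has_block(&pair.cert, "CERTIFICATE-----") && has_block(&pair.key, "PRIVATE KEY-----");
    if !stable || !shaped {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "torn or malformed PEM pair"));
    }
    Ok(pair)
}

/// Closure to call on each reconnect: Some(pair) for a new well-formed pair, None
/// when nothing changed or the files are unusable, so the caller keeps its identity.
pub fn file_reloader(cert: PathBuf, key: PathBuf) -> impl Fn() -> Option<PemPair> {
    let last: Mutex<Option<PemPair>> = Mutex::new(None);
    move || {
        let fresh = read_pair(&cert, &key).ok()?;
        let mut seen = last.lock().unwrap();
        if seen.as_ref() == Some(&fresh) {
            return None;
        }
        *seen = Some(fresh.clone());
        Some(fresh)
    }
}

fn main() {
    // Constructed sample files in the temp directory, not real credentials.
    let dir = std::env::temp_dir();
    let (c, k) = (dir.join("demo-client.crt"), dir.join("demo-client.key"));
    fs::write(&c, "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n").unwrap();
    fs::write(&k, "-----BEGIN PRIVATE KEY-----\nBBBB\n-----END PRIVATE KEY-----\n").unwrap();
    let reload = file_reloader(c, k);
    println!("first: {}, second: {}", reload().is_some(), reload().is_some());
}
```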
This allows us to have auto-reloading of refreshed certificates in client side. Resolves #59.
This allows creating a client with dynamic tls certificates. When created this way, on reconnection the client will use latest tls certificates. This allows us to have auto-reloading of refreshed certificates in client side. Resolves #59.
This allows creating a client with dynamic tls certificates. When created this way, on reconnection the client will use latest tls certificates. This allows us to have auto-reloading of refreshed certificates stored anywhere in client side. Resolves #59.
Closed in favor of #66
This allows creating a client with dynamic tls certificates. When created this way, on reconnection the client will use latest tls certificates. This allows us to reload refreshed certificates stored somewhere in client side. This commit also adds support for crls in cert verifier, so it will reject revoked server certs. Resolves #59.
This allows creating a client with dynamic tls certificates. When created this way, on reconnection the client will use latest tls certificates. This allows us to reload refreshed certificates stored somewhere in client side. This commit also adds support for crls in cert verifier to reject revoked server certs. Resolves #59.
This allows creating a client with dynamic tls certificates. When created this way, on reconnection the client will use latest tls certificates. This allows us to reload refreshed certificates stored somewhere in client side. This commit also adds support for crls in cert verifier to reject revoked server certs. Resolves #59. Co-authored-by: Giorgos Georgiou <giorgos.georgiou@datadoghq.com>