
Commit 13d9315

committed
Async private key generation
1 parent 7807ef8 commit 13d9315


2 files changed

+23
-5
lines changed


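--- a/lib/resty/acme/autossl.lua
+++ b/lib/resty/acme/autossl.lua
@@ -205,12 +205,16 @@ local function update_cert_handler(data)
 if not pkey then
 local t = ngx.now()
 if typ == 'rsa' then
-pkey = util.create_pkey(4096, 'RSA')
+local pkey, err = util.create_pkey(4096, 'RSA')
 elseif typ == 'ecc' then
-pkey = util.create_pkey(nil, 'EC', 'prime256v1')
+local pkey, err = util.create_pkey(nil, 'EC', 'prime256v1')
 else
 return "unknown key type: " .. typ
 end
+if not pkey then
+log(ngx_ERR, "error creating new ", typ, " private key for ", domain, ": ", err)
+return err
+end
 ngx.update_time()
 log(ngx_INFO, ngx.now() - t, "s spent in creating new ", typ, " private key")
 end
@@ -456,7 +460,11 @@ function AUTOSSL.init(autossl_config, acme_config)
 else
 -- We always generate a key here incase there isn't already one in storage
 -- that way a consistent one can be shared across all workers
-AUTOSSL.generated_account_key = AUTOSSL.create_account_key()
+local key, err = AUTOSSL.create_account_key()
+if not key then
+error("failed to create account key: " .. err)
+end
+AUTOSSL.generated_account_key = key
 end
 
 if autossl_config.staging then
@@ -676,10 +684,10 @@ end
 
 function AUTOSSL.create_account_key()
 local t = ngx.now()
-local pkey = util.create_pkey(4096, 'RSA')
+local pkey, err = util.create_pkey(4096, 'RSA')
 ngx.update_time()
 log(ngx_INFO, ngx.now() - t, "s spent in creating new account key")
-return pkey
+return pkey, err
 end
 
 function AUTOSSL.load_account_key_storage()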
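Review bot: The `local pkey, err = ...` declarations inside the `rsa` and `ecc` branches of `update_cert_handler` create new locals that go out of scope at the end of each branch, so the `pkey` tested by the added `if not pkey then` is still the outer, empty one, and `err` there is not the value returned by `util.create_pkey`. As written, every new-key path falls into the error branch, and `return err` may hand back nil, which the caller could read as success although no key was created (the caller and the rest of the function are outside the hunk, so this is inferred). Declare `local err` before `if typ == 'rsa' then` and assign without `local`: `pkey, err = util.create_pkey(4096, 'RSA')` and `pkey, err = util.create_pkey(nil, 'EC', 'prime256v1')`. In `AUTOSSL.init`, `"failed to create account key: " .. err` raises a concatenation error of its own when `err` is nil, so `tostring(err)` would keep the intended message.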

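--- a/lib/resty/acme/util.lua
+++ b/lib/resty/acme/util.lua
@@ -90,6 +90,15 @@ local function create_csr(domain_pkey, ...)
 end
 
 local function create_pkey(bits, typ, curve)
+local ok, result_or_err = ngx.run_worker_thread('create_pkey', 'resty.acme.util', 'create_pkey_sync', bits, type)
+if not ok then
+ngx_log(ngx_ERR, "create_pkey: failed to run worker thread: ", result_or_err)
+return nil, result_or_err
+end
+return result_or_err
+end
+
+local function create_pkey_sync(bits, typ, curve)
 bits = bits or 4096
 typ = typ or 'RSA'
 local pkey = openssl.pkey.new({
@@ -179,6 +188,7 @@ return {
 thumbprint = thumbprint,
 create_csr = create_csr,
 create_pkey = create_pkey,
+create_pkey_sync = create_pkey_sync,
 check_chain_root_issuer = check_chain_root_issuer,
 log = log,
 }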
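Review bot: The `ngx.run_worker_thread` call in `create_pkey` passes `type`, Lua's builtin function, instead of the `typ` parameter, and never forwards `curve`. The requested algorithm and curve therefore do not reach `create_pkey_sync`: a function value is likely rejected as a thread argument, and even with `typ` corrected an EC request would fall back to whatever default `create_pkey_sync` applies rather than `prime256v1` (its body continues outside the hunk). The call should read `local ok, result_or_err = ngx.run_worker_thread('create_pkey', 'resty.acme.util', 'create_pkey_sync', bits, typ, curve)`. It is also worth confirming that the key object `create_pkey_sync` returns can cross the thread boundary, since worker-thread results are, as far as I know, limited to plain Lua values, and adding a comment that a `create_pkey` thread pool must be configured for this path to work.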
