Enable (X)TLS hot reloading by default (#281)

Super BiuBiu
2025-04-30 09:18:34 +00:00 · 2021-02-20 02:15:57 +00:00 · 2021-02-20 02:15:57 +00:00 · 8b9c0ae593
commit 8b9c0ae593
parent 347d9735da
7 changed files with 177 additions and 122 deletions
--- a/infra/conf/transport_internet.go
+++ b/infra/conf/transport_internet.go
@ -247,12 +247,13 @@ func readFileOrString(f string, s []string) ([]byte, error) {
 }

 type TLSCertConfig struct {
-	CertFile     string   `json:"certificateFile"`
-	CertStr      []string `json:"certificate"`
-	KeyFile      string   `json:"keyFile"`
-	KeyStr       []string `json:"key"`
-	Usage        string   `json:"usage"`
-	OcspStapling int64    `json:"ocspStapling"`
+	CertFile       string   `json:"certificateFile"`
+	CertStr        []string `json:"certificate"`
+	KeyFile        string   `json:"keyFile"`
+	KeyStr         []string `json:"key"`
+	Usage          string   `json:"usage"`
+	OcspStapling   uint64   `json:"ocspStapling"`
+	OneTimeLoading bool     `json:"oneTimeLoading"`
 }

 // Build implements Buildable.
@ -285,7 +286,11 @@ func (c *TLSCertConfig) Build() (*tls.Certificate, error) {
 	default:
 		certificate.Usage = tls.Certificate_ENCIPHERMENT
 	}
-
+	if certificate.KeyPath == "" && certificate.CertificatePath == "" {
+		certificate.OneTimeLoading = true
+	} else {
+		certificate.OneTimeLoading = c.OneTimeLoading
+	}
 	certificate.OcspStapling = c.OcspStapling

 	return certificate, nil
@ -333,18 +338,18 @@ func (c *TLSConfig) Build() (proto.Message, error) {
 }

 type XTLSCertConfig struct {
-	CertFile     string   `json:"certificateFile"`
-	CertStr      []string `json:"certificate"`
-	KeyFile      string   `json:"keyFile"`
-	KeyStr       []string `json:"key"`
-	Usage        string   `json:"usage"`
-	OcspStapling int64    `json:"ocspStapling"`
+	CertFile       string   `json:"certificateFile"`
+	CertStr        []string `json:"certificate"`
+	KeyFile        string   `json:"keyFile"`
+	KeyStr         []string `json:"key"`
+	Usage          string   `json:"usage"`
+	OcspStapling   uint64   `json:"ocspStapling"`
+	OneTimeLoading bool     `json:"oneTimeLoading"`
 }

 // Build implements Buildable.
 func (c *XTLSCertConfig) Build() (*xtls.Certificate, error) {
 	certificate := new(xtls.Certificate)
-
 	cert, err := readFileOrString(c.CertFile, c.CertStr)
 	if err != nil {
 		return nil, newError("failed to parse certificate").Base(err)
@ -371,7 +376,11 @@ func (c *XTLSCertConfig) Build() (*xtls.Certificate, error) {
 	default:
 		certificate.Usage = xtls.Certificate_ENCIPHERMENT
 	}
-
+	if certificate.KeyPath == "" && certificate.CertificatePath == "" {
+		certificate.OneTimeLoading = true
+	} else {
+		certificate.OneTimeLoading = c.OneTimeLoading
+	}
 	certificate.OcspStapling = c.OcspStapling

 	return certificate, nil