mirrors/Xray-core
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2025-05-01 01:44:15 +00:00
Code Issues Projects Releases Packages Wiki Activity

Enable (X)TLS hot reloading by default (#281)

Browse source 
Super BiuBiu
This commit is contained in:
RPRX 2021-02-20 02:15:57 +00:00 committed by GitHub
parent 347d9735da
commit 8b9c0ae593
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 177 additions and 122 deletions
Download patch file Download diff file Expand all files Collapse all files

20
transport/internet/tls/config.go
View file

@ -60,10 +60,16 @@ func (c *Config) BuildCertificates() []*tls.Certificate {
continue
}
certs = append(certs, &keyPair)
if entry.OcspStapling != 0 {
if !entry.OneTimeLoading {
var isOcspstapling bool
hotReloadCertInterval := uint64(3600)
if entry.OcspStapling != 0 {
hotReloadCertInterval = entry.OcspStapling
isOcspstapling = true
}
index := len(certs) - 1
go func(cert *tls.Certificate, index int) {
t := time.NewTicker(time.Duration(entry.OcspStapling) * time.Second)
t := time.NewTicker(time.Duration(hotReloadCertInterval) * time.Second)
for {
if entry.CertificatePath != "" && entry.KeyPath != "" {
newCert, err := filesystem.ReadFile(entry.CertificatePath)
@ -93,10 +99,12 @@ func (c *Config) BuildCertificates() []*tls.Certificate {
cert = &newKeyPair
}
}
if newOCSPData, err := ocsp.GetOCSPForCert(cert.Certificate); err != nil {
newError("ignoring invalid OCSP").Base(err).AtWarning().WriteToLog()
} else if string(newOCSPData) != string(cert.OCSPStaple) {
cert.OCSPStaple = newOCSPData
if isOcspstapling {
if newOCSPData, err := ocsp.GetOCSPForCert(cert.Certificate); err != nil {
newError("ignoring invalid OCSP").Base(err).AtWarning().WriteToLog()
} else if string(newOCSPData) != string(cert.OCSPStaple) {
cert.OCSPStaple = newOCSPData
}
}
certs[index] = cert
<-t.C