reload tls cert whenever it is requested

2022-03-23 11:43:13 -07:00 · 2022-03-23 11:43:13 -07:00 · ef01452f1c
parent d6b67a77c3
commit ef01452f1c
1 changed files with 15 additions and 1 deletions
--- a/main.go
+++ b/main.go
@ -16,6 +16,7 @@
 package main

 import (
+	"crypto/tls"
 	"errors"
 	"net"
 	"net/http"
@ -161,7 +162,20 @@ func main() {
 	}

 	if len(*tlsCertPath) != 0 && len(*tlsKeyPath) != 0 {
-		err = http.ServeTLS(emfileAwareTcpListener{ln.(*net.TCPListener), logger}, nil, *tlsCertPath, *tlsKeyPath)
+		server := &http.Server{
+			TLSConfig: &tls.Config{
+				GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
+					caFiles, err := tls.LoadX509KeyPair(*tlsCertPath, *tlsKeyPath)
+					if err != nil {
+						return nil, err
+					}
+
+					return &caFiles, nil
+				},
+			},
+		}
+
+		err = server.ServeTLS(emfileAwareTcpListener{ln.(*net.TCPListener), logger}, "", "")
 		if err != nil {
 			logrus.WithError(err).Fatal("error serving TLS requests")
 		}