From ef01452f1cd4b7c3cf6affc8b94ff3ac974dbb4b Mon Sep 17 00:00:00 2001
From: Kyle
Date: Wed, 23 Mar 2022 11:43:13 -0700
Subject: [PATCH] reload tls cert whenever it is requested
---
 main.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/main.go b/main.go
index d4a3401..156600b 100644
--- a/main.go
+++ b/main.go
@@ -16,6 +16,7 @@ package main
 import (
+ "crypto/tls"
 "errors"
 "net"
 "net/http"
@@ -161,7 +162,20 @@ func main() {
 }
 if len(*tlsCertPath) != 0 && len(*tlsKeyPath) != 0 {
- err = http.ServeTLS(emfileAwareTcpListener{ln.(*net.TCPListener), logger}, nil, *tlsCertPath, *tlsKeyPath)
+ server := &http.Server{
+ TLSConfig: &tls.Config{
+ GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
+ caFiles, err := tls.LoadX509KeyPair(*tlsCertPath, *tlsKeyPath)
+ if err != nil {
+ return nil, err
+ }
+
+ return &caFiles, nil
+ },
+ },
+ }
+
+ err = server.ServeTLS(emfileAwareTcpListener{ln.(*net.TCPListener), logger}, "", "")
 if err != nil {
 logrus.WithError(err).Fatal("error serving TLS requests")
 }
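Review bot: The `GetCertificate` callback in the second hunk calls `tls.LoadX509KeyPair` on every handshake, so each incoming ClientHello, before any authentication, costs two file reads and a key parse, and a handshake that lands while the certificate and key files are being replaced can fail on a mismatched pair. The change also drops the startup check that `http.ServeTLS` performed with real paths: with `server.ServeTLS(..., "", "")` a wrong path or unreadable key is no longer fatal at launch and only surfaces as per-connection handshake errors. I would cache the parsed pair, reload it only when the certificate file's modification time changes, keep serving the last good pair when a reload fails, and load once before serving so misconfiguration still stops the process; this needs `os`, `sync` and `time` in the import block if they are not already there. The local name `caFiles` is also misleading, since it holds the server's own certificate and key rather than CA files. `main` starts and ends outside the hunk.

```go
	if len(*tlsCertPath) != 0 && len(*tlsKeyPath) != 0 {
		var (
			certMu     sync.Mutex
			certCached *tls.Certificate
			certMtime  time.Time
		)
		loadCert := func() (*tls.Certificate, error) {
			st, err := os.Stat(*tlsCertPath)
			if err != nil {
				return nil, err
			}
			certMu.Lock()
			defer certMu.Unlock()
			if certCached != nil && st.ModTime().Equal(certMtime) {
				return certCached, nil
			}
			pair, err := tls.LoadX509KeyPair(*tlsCertPath, *tlsKeyPath)
			if err != nil {
				if certCached != nil {
					// Files may be mid-rotation; keep serving the last good pair.
					return certCached, nil
				}
				return nil, err
			}
			certCached, certMtime = &pair, st.ModTime()
			return certCached, nil
		}
		// Fail at startup on a bad path or mismatched pair, as http.ServeTLS did.
		if _, err = loadCert(); err != nil {
			logrus.WithError(err).Fatal("error loading TLS key pair")
		}
		server := &http.Server{
			TLSConfig: &tls.Config{
				GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
					return loadCert()
				},
			},
		}
		// … unchanged: server.ServeTLS call and its error handling …
```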