Fix build error introduced in bad merge of TLS stuff

pull/4275/head
Paul Banks 7 years ago committed by Mitchell Hashimoto
parent 67af5c740b
commit d1f4ad3d8a
No known key found for this signature in database
GPG Key ID: 744E147AA52F5B0A

@ -252,21 +252,7 @@ func (s *Service) rootsWatchHandler(blockParam watch.BlockingParamVal, raw inter
roots.AppendCertsFromPEM([]byte(root.RootCertPEM)) roots.AppendCertsFromPEM([]byte(root.RootCertPEM))
} }
// Note that SetTLSConfig takes care of adding a dynamic GetConfigForClient s.tlsCfg.SetRoots(roots)
// hook that will fetch this updated config for new incoming connections on a
// server. That means all future connections are validated against the new
// roots. On a client, we only expose Dial and we fetch the most recent config
// each time so all future Dials (direct or via an http.Client with our dial
// hook) will grab this new config.
newCfg := s.serverTLSCfg.TLSConfig()
// Server-side verification uses ClientCAs.
newCfg.ClientCAs = roots
s.serverTLSCfg.SetTLSConfig(newCfg)
newCfg = s.clientTLSCfg.TLSConfig()
// Client-side verification uses RootCAs.
newCfg.RootCAs = roots
s.clientTLSCfg.SetTLSConfig(newCfg)
} }
func (s *Service) leafWatchHandler(blockParam watch.BlockingParamVal, raw interface{}) { func (s *Service) leafWatchHandler(blockParam watch.BlockingParamVal, raw interface{}) {
@ -286,16 +272,5 @@ func (s *Service) leafWatchHandler(blockParam watch.BlockingParamVal, raw interf
return return
} }
// Note that SetTLSConfig takes care of adding a dynamic GetClientCertificate s.tlsCfg.SetLeaf(&cert)
// hook that will fetch the first cert from the Certificates slice of the
// current config for each outbound client request even if the client is using
// an old version of the config struct so all we need to do it set that and
// all existing clients will start using the new cert.
newCfg := s.serverTLSCfg.TLSConfig()
newCfg.Certificates = []tls.Certificate{cert}
s.serverTLSCfg.SetTLSConfig(newCfg)
newCfg = s.clientTLSCfg.TLSConfig()
newCfg.Certificates = []tls.Certificate{cert}
s.clientTLSCfg.SetTLSConfig(newCfg)
} }

Loading…
Cancel
Save