mirror of https://github.com/hashicorp/consul
89ba649252
This improves the checking so that if a certificate were to expire or the roots changed then we will go into a non-ready state. This parses the x509 certificates from the TLS certificate when the leaf is set. The readyCh will be closed whenever a parseable certificate is set and the CA roots are set. This does not mean that the certificate is valid but that it has been set up and is generally valid. The Ready function will now do x509 certificate verification which will, in addition to verifying the signatures with the installed CA roots, also verify the certificate isn't expired or not set to become valid in the future. The correct way to use these functions is to wait for the ReadyWait chan to be closed and then periodically check the readiness to determine if the certificate is currently usable.
certgen
proxy
example_test.go
resolver.go
resolver_test.go
service.go
service_test.go
testing.go
tls.go
tls_test.go