Optionally pass the context argument down to the OnDemand decision func #255

Merged
2 changes: 1 addition & 1 deletion certmagic.go
@@ -268,7 +268,7 @@ type OnDemandConfig struct {
// whether a certificate can be obtained or renewed
// for the given name. If an error is returned, the
// request will be denied.
DecisionFunc func(name string) error
DecisionFunc func(ctx context.Context, name string) error

// Sources for getting new, unmanaged certificates.
// They will be invoked only during TLS handshakes
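Review bot: The doc comment above `DecisionFunc` still describes only the name and says nothing about the new `ctx` argument: which context it is, or what should happen when it is cancelled. This callback is the gate on on-demand issuance, so an implementation that consults an external service needs to know it should honor the deadline and fail closed. I would add a line such as `// ctx is the context of the handshake or renewal that triggered the check; honor its cancellation and return an error, which denies the request.` (wording to be confirmed against the callers in handshake.go). Separately, the title says "optionally", but the field's type is replaced outright, so any existing `func(name string) error` assigned to it will stop compiling; that deserves a note in the description or changelog. The struct continues outside the hunk.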
8 changes: 4 additions & 4 deletions handshake.go
@@ -313,7 +313,7 @@ func (cfg *Config) getCertDuringHandshake(ctx context.Context, hello *tls.Client
// Make sure a certificate is allowed for the given name. If not, it doesn't
// make sense to try loading one from storage (issue #185), getting it from a
// certificate manager, or obtaining one from an issuer.
if err := cfg.checkIfCertShouldBeObtained(name, false); err != nil {
if err := cfg.checkIfCertShouldBeObtained(ctx, name, false); err != nil {
return Certificate{}, fmt.Errorf("certificate is not allowed for server name %s: %v", name, err)
}

@@ -438,7 +438,7 @@ func (cfg *Config) optionalMaintenance(ctx context.Context, log *zap.Logger, cer
// checkIfCertShouldBeObtained checks to see if an on-demand TLS certificate
// should be obtained for a given domain based upon the config settings. If
// a non-nil error is returned, do not issue a new certificate for name.
func (cfg *Config) checkIfCertShouldBeObtained(name string, requireOnDemand bool) error {
func (cfg *Config) checkIfCertShouldBeObtained(ctx context.Context, name string, requireOnDemand bool) error {
if requireOnDemand && cfg.OnDemand == nil {
return fmt.Errorf("not configured for on-demand certificate issuance")
}
@@ -447,7 +447,7 @@ func (cfg *Config) checkIfCertShouldBeObtained(name string, requireOnDemand bool
}
if cfg.OnDemand != nil {
if cfg.OnDemand.DecisionFunc != nil {
if err := cfg.OnDemand.DecisionFunc(name); err != nil {
if err := cfg.OnDemand.DecisionFunc(ctx, name); err != nil {
return fmt.Errorf("decision func: %w", err)
}
return nil
@@ -685,7 +685,7 @@ func (cfg *Config) renewDynamicCertificate(ctx context.Context, hello *tls.Clien
defer cancel()

// Make sure a certificate for this name should be renewed on-demand
err := cfg.checkIfCertShouldBeObtained(name, true)
err := cfg.checkIfCertShouldBeObtained(ctx, name, true)
if err != nil {
// if not, remove from cache (it will be deleted from storage later)
cfg.certCache.mu.Lock()
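Review bot: In the `renewDynamicCertificate` hunk, every non-nil error from `checkIfCertShouldBeObtained(ctx, name, true)` leads to the certificate being removed from the cache and, per the comment, deleted from storage later. Now that `ctx` reaches `DecisionFunc`, that can include `context.Canceled` or `context.DeadlineExceeded` from a ctx-aware decision func that was merely interrupted. The `defer cancel()` just above suggests this ctx is a derived, cancellable one, though its construction is outside the hunk. A slow decision backend or an aborted handshake could then evict a certificate that is still permitted, which is an availability risk rather than a policy decision. I would tell the two cases apart before the cache removal with a guard such as `if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded)`, returning without evicting. The `%w` wrap in `checkIfCertShouldBeObtained` keeps the error chain intact for that check. The function body continues outside the hunk, so the exact return values are left to the author.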