get_certkey_parsed: Pass stale certificate if getting certificate from storage fails #80
Comments
|
That's good idea @nizar-m ! I will draft a PR. |
fffonion
added a commit
that referenced
this issue
Oct 20, 2022
fffonion
added a commit
that referenced
this issue
Oct 20, 2022
fffonion
added a commit
that referenced
this issue
Oct 20, 2022
fffonion
added a commit
that referenced
this issue
Oct 20, 2022
fffonion
added a commit
that referenced
this issue
Oct 20, 2022
|
This is now implemented and will be included in next release : ) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If file-system is used as storage for cert, the only reason why getting certificate from storage fails is because the certificate does not exist in the first place. If it is a storage system like vault, it can fail due to networking errors, timeout due to vault being busy etc. Not serving a certificate when this happens would result in HTTPS connection errors.
So it makes sense that we provide stale certificate from cache, if it is present, when the request to get certificate from storage fails. Just logging errors would be enough. This way we can improve the reliability of the HTTPS requests.
The text was updated successfully, but these errors were encountered: