-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
get_certkey_parsed: Pass stale certificate if getting certificate from storage fails #80
Comments
That's good idea @nizar-m ! I will draft a PR. |
fffonion
added a commit
that referenced
this issue
Oct 20, 2022
fffonion
added a commit
that referenced
this issue
Oct 20, 2022
fffonion
added a commit
that referenced
this issue
Oct 20, 2022
fffonion
added a commit
that referenced
this issue
Oct 20, 2022
fffonion
added a commit
that referenced
this issue
Oct 20, 2022
This is now implemented and will be included in next release : ) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If file-system is used as storage for cert, the only reason why getting certificate from storage fails is because the certificate does not exist in the first place. If it is a storage system like vault, it can fail due to networking errors, timeout due to vault being busy etc. Not serving a certificate when this happens would result in HTTPS connection errors.
So it makes sense that we provide stale certificate from cache, if it is present, when the request to get certificate from storage fails. Just logging errors would be enough. This way we can improve the reliability of the HTTPS requests.
The text was updated successfully, but these errors were encountered: