Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/acme/autocert: Consider storing certificates as "*.pem" in DirCache #37354

Open
arp242 opened this issue Feb 21, 2020 · 3 comments
Open

x/crypto/acme/autocert: Consider storing certificates as "*.pem" in DirCache #37354

arp242 opened this issue Feb 21, 2020 · 3 comments

Comments

@arp242
Copy link

@arp242 arp242 commented Feb 21, 2020

I recently implemented autocert to generate certificates; it works quite well for me 馃憤

I did run in to one snag: the DirCache implementation stores the generated certificates as just the domain name; e.g. test.example.com, rather than test.example.com.pem.

I also use the generated certificates with an external TLS proxy (hitch), and loading the certificates like this isn't possible since it will errors out on non-certificate files like acme_account+key, which strikes me as reasonable behaviour on hitch's part.

If they would be stored as *.pem I could tell hitch to load only those files, which works.

I worked around this by wrapping the DirCache as below, but I think it might be reasonable to change the behaviour of DirCache to always do this?

// cache is like autocert.DirCache, but ensures that certificates end with .pem.
type cache struct{ dc autocert.DirCache }

func NewCache(dir string) cache { return cache{dc: autocert.DirCache(dir)} }

func (d cache) Get(ctx context.Context, key string) ([]byte, error) {
    if !strings.Contains(key, "+") {
        key += ".pem"
    }
    return d.dc.Get(ctx, key)
}

func (d cache) Delete(ctx context.Context, key string) error {
    if !strings.Contains(key, "+") {
        key += ".pem"
    }
    return d.dc.Delete(ctx, key)
}

func (d cache) Put(ctx context.Context, key string, data []byte) error {
    if !strings.Contains(key, "+") {
        key += ".pem"
    }
    return d.dc.Put(ctx, key, data)
}
@gopherbot gopherbot added this to the Unreleased milestone Feb 21, 2020
@toothrot
Copy link
Contributor

@toothrot toothrot commented Feb 21, 2020

@slrz
Copy link

@slrz slrz commented Feb 22, 2020

Given the existence of an easy workaround, I'd prefer to not change the behaviour of file name = host name.

@arp242
Copy link
Author

@arp242 arp242 commented Feb 23, 2020

I wouldn't exactly call it "easy" @slrz. I mean, the code as such is easy enough to follow, but it took me a while and reading through the code to figure out that checking for + would be a reliable way to filter the non-certificate files, and it's kind of an internal detail of DirCache that may change in the future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants