crypto/x509: add ability to reload root certificates #41888
Related to #35887
Problem description:
As can be seen on this line, root certificates are loaded only once during the lifetime of the application:
go/src/crypto/x509/root.go
Line 16 in 9e5b136
This creates a problem when new root certificates are added. In our case, it happens on a regular basis when clients add intermediate/root certificates to the system via a separate component and then all other components that run in separate processes are expected to make use of them. This is currently not possible.
Workaround:
We have currently re-implemented the Root Certificate loading logic by cutting and pasting the code from this library into our codebase, and we create our own certPool() for every request that requires the ca-chain refresh.
Proposed solutions:
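The workaround described in the issue, sketched as an added example (not code from the issue or from the Go project). It goes one step beyond a pool built on every request: the PEM bundle is re-parsed only when the file's mtime or size changes, and the last good pool is kept if the file is caught mid-write. `Roots`, `Pool` and `newRoot` are hypothetical names, the bundle path is an assumption, and the roots are constructed throwaway certificates.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"os"
	"sync"
	"time"
)

// Roots (hypothetical helper) serves a pool parsed from the PEM bundle at Path (assumed location).
type Roots struct {
	Path string
	mu   sync.Mutex
	last os.FileInfo
	pool *x509.CertPool
}

// Pool re-parses the bundle when its mtime or size changed; on a bad read it returns the last good pool and an error.
func (r *Roots) Pool() (*x509.CertPool, error) {
	r.mu.Lock()
	defer r.mu.Unlock()
	fi, err := os.Stat(r.Path)
	if err != nil || r.last == nil || !fi.ModTime().Equal(r.last.ModTime()) || fi.Size() != r.last.Size() {
		data, _ := os.ReadFile(r.Path)
		fresh := x509.NewCertPool()
		if !fresh.AppendCertsFromPEM(data) {
			return r.pool, errors.New("bundle unreadable or empty: last good pool kept")
		}
		r.last, r.pool = fi, fresh
	}
	return r.pool, nil
}

// newRoot builds a constructed self-signed CA (PEM plus parsed form) so the example runs offline.
func newRoot(cn string) ([]byte, *x509.Certificate) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: true,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	c, _ := x509.ParseCertificate(der)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), c
}
```

Check the error from `Pool` before building a `tls.Config` from its result: a nil `RootCAs` makes `crypto/tls` fall back to the host's root set. `newRoot` exists only to fabricate test roots for exercising the reload path.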