Hey @fabmade, yes this is possible by setting an IdentityProvider in the advancedTLS options when creating TLS credentials for calling Dial(). The provider will create a watcher for the cert + key files, which would trigger an update on file updates. Here's an example:
```go
// specify cert + key file here (optionally set refresh duration. default: 1 hr)
clientIdentityOptions := pemfile.Options{
	CertFile:        clientCertFilename,
	KeyFile:         clientKeyFilename,
	RefreshDuration: credRefreshingInterval,
}
// create new IdentityProvider passing in Options
clientIdentityProvider, err := pemfile.NewProvider(clientIdentityOptions)
// pass in clientIdentityProvider to IdentityOption in client options
clientOptions := &advancedtls.ClientOptions{
	IdentityOptions: advancedtls.IdentityCertificateOptions{
		IdentityProvider: clientIdentityProvider,
	},
	...
}
// create credentials
clientTLSCreds, err := advancedtls.NewClientCreds(clientOptions)
// Make a connection using the credentials.
conn, err := grpc.Dial(address, grpc.WithTransportCredentials(clientTLSCreds))
```
Also you could check out the example from advancedTLS in our repo here
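The same idea with only Go's standard library, as an added example that is not part of the original thread and not grpc-go's code: the client certificate is looked up at handshake time through `tls.Config.GetClientCertificate`, and a reload that fails keeps the last good pair. `certStore`, `rotationDemo` and the placeholder certificate bytes are assumptions made for the illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"sync/atomic"
)

// certStore (hypothetical helper) serves the last client key pair that loaded cleanly.
type certStore struct {
	load func() (tls.Certificate, error) // with files: tls.LoadX509KeyPair(certFile, keyFile)
	cur  atomic.Value                    // holds *tls.Certificate
}

// Reload swaps in a fresh pair; if loading fails (e.g. new cert, old key) the old pair stays.
func (s *certStore) Reload() error {
	c, err := s.load()
	if err == nil {
		s.cur.Store(&c)
	}
	return err
}

// Get is the tls.Config.GetClientCertificate callback; crypto/tls runs it during handshakes.
func (s *certStore) Get(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
	if c, ok := s.cur.Load().(*tls.Certificate); ok {
		return c, nil
	}
	return nil, fmt.Errorf("no client certificate loaded yet")
}

// rotationDemo reloads constructed results (v1, a failed read, v2) behind ONE tls.Config.
func rotationDemo() (served []string, errs []error) {
	results := []string{"v1", "", "v2"} // placeholder bytes standing in for DER; "" = failure
	s := &certStore{load: func() (tls.Certificate, error) {
		if der := results[len(served)]; der != "" {
			return tls.Certificate{Certificate: [][]byte{[]byte(der)}}, nil
		}
		return tls.Certificate{}, fmt.Errorf("private key does not match public key")
	}}
	cfg := &tls.Config{GetClientCertificate: s.Get} // built once, reused for every dial
	for range results {
		errs = append(errs, s.Reload()) // in production a ticker or file watcher calls this
		c, _ := cfg.GetClientCertificate(nil)
		served = append(served, string(c.Certificate[0]))
	}
	return served, errs
}

func main() { fmt.Println(rotationDemo()) }
```

Connections that are already open keep the certificate they completed their handshake with; only handshakes started after a successful `Reload` present the new pair.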
This issue is labeled as requiring an update from the reporter, and no update has been received after 6 days. If no update is provided in the next 7 days, this issue will be automatically closed.
Hi together,
Is it possible to reload the client cert without downtime? On the server side it is possible with the tls.Config’s GetCertificate method.
But on the client side I found no way to do this. It calls the handshake before GetCertificate or GetClientCertificate is called.