keeping old but still valid CA certs on renewal

This commit is contained in:
Mikaël Cluseau 2025-01-26 18:59:51 +01:00
parent b12ce7299f
commit 1871eac7bb


@ -2,7 +2,9 @@ package main
import ( import (
"fmt" "fmt"
"time"
"github.com/cloudflare/cfssl/helpers"
"github.com/cloudflare/cfssl/log" "github.com/cloudflare/cfssl/log"
restful "github.com/emicklei/go-restful" restful "github.com/emicklei/go-restful"
) )
@ -55,11 +57,22 @@ func getUsableClusterCA(cluster, name string) (ca CA, err error) {
if checkErr != nil { if checkErr != nil {
log.Infof("cluster %s: CA %s: regenerating certificate: %v", cluster, name, checkErr) log.Infof("cluster %s: CA %s: regenerating certificate: %v", cluster, name, checkErr)
prevCerts, _ := helpers.ParseCertificatesPEM(ca.Cert)
err = ca.RenewCert() err = ca.RenewCert()
if err != nil { if err != nil {
err = fmt.Errorf("renew: %w", err) err = fmt.Errorf("renew: %w", err)
} }
now := time.Now()
for _, cert := range prevCerts {
if cert.NotAfter.After(now) {
continue
}
certPEM := helpers.EncodeCertificatePEM(cert)
ca.Cert = append(ca.Cert, certPEM...)
}
err = clusterCAs.Put(key, ca) err = clusterCAs.Put(key, ca)
} }
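Review bot: The condition `if cert.NotAfter.After(now) { continue }` is inverted relative to the commit's stated intent: it skips every certificate that is still valid and re-appends only the already-expired ones, so the old-but-valid CA certs are dropped from the bundle while expired ones accumulate; it should read `if !cert.NotAfter.After(now) { continue }` (equivalently `cert.NotAfter.Before(now)`). The error discarded in `prevCerts, _ := helpers.ParseCertificatesPEM(ca.Cert)` should at least be logged, because a malformed stored bundle otherwise silently retains nothing and the renewal proceeds as if the previous CA never existed. The append loop also runs when `ca.RenewCert()` has returned an error; if RenewCert leaves ca.Cert unchanged on failure, that re-appends the existing certificates to themselves before `clusterCAs.Put`, so guard the loop with `if err == nil` (or return early on the renew error). getUsableClusterCA begins before this hunk, and the rendered page appears to have dropped blank lines, so the exact hunk boundary is inferred from the header counts.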