Use background context for renewing dynamic cert in background (#248)
The context available to `renewDynamicCertificate` comes from inside the TLS handshake, and as such
may be bounded by the lifespan of the connection. Passing this into a goroutine will lead to problems
when the connection ends (and the connection context gets canceled with it) but the goroutine is going
to do more I/O on that context.
ankon authored Aug 8, 2023
1 parent 51b3190 commit 8fac0d0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion handshake.go
Expand Up @@ -727,7 +727,7 @@ func (cfg *Config) renewDynamicCertificate(ctx context.Context, hello *tls.Clien

// if the certificate hasn't expired, we can serve what we have and renew in the background
if timeLeft > 0 {
ctx, cancel := context.WithTimeout(ctx, 5*time.Minute)
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
go renewAndReload(ctx, cancel)
return currentCert, nil
}
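Review bot: the new `context.WithTimeout(context.Background(), 5*time.Minute)` line has no comment saying why the handshake `ctx` is deliberately not used, and it still binds the result to the name `ctx`, shadowing the function parameter. A later cleanup could easily "restore" the parent context and reintroduce the canceled-on-disconnect renewal. Suggest a one-line comment above it (for example, that the handshake context ends with the connection while the renewal must outlive it) and a distinct name such as `renewCtx`. Also note that switching to `context.Background()` drops any values carried on the handshake context, not just its cancellation, and leaves the 5-minute timeout as the only bound on the goroutine. If the renewal path reads values from the context, `context.WithoutCancel(ctx)` (Go 1.21+) wrapped in the same timeout would detach cancellation while keeping them.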