When certificates change on disk, etcd should pick up new certificates on the next client/peer request. This does not always happen.
Based on the code here, if we set `Certificates` and `clientHello.ServerName` is empty (which is true when addressed via IP address), it will fall back to the first element of `Certificates` instead of calling `GetCertificate`. https://github.com/golang/go/blob/master/src/crypto/tls/common.go#L716
According to this comment, the `Certificates` field needs to be set for integration tests to pass. I don't know why, but this is the cause of the issue. We should always be calling `GetCertificates` if certs should always be reloaded, never falling back to the certificate that was loaded at startup. #7784 (comment)
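The selection behaviour described in the report can be reproduced with `crypto/tls` alone. The following is an added example, not etcd's code or part of the original issue: the helper names (`selfSigned`, `configs`, `servedCN`), the certificate CommonNames, the address `10.0.0.1` and the hostname `etcd.example` are all constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned returns a throwaway certificate labelled by its CommonName (constructed test data).
func selfSigned(cn string) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// configs returns the setup from the issue (Certificates plus GetCertificate) and a callback-only one.
func configs() (withStatic, callbackOnly *tls.Config) {
	startup, reloaded := selfSigned("loaded-at-startup"), selfSigned("reloaded-from-disk")
	get := func(*tls.ClientHelloInfo) (*tls.Certificate, error) { return &reloaded, nil }
	return &tls.Config{Certificates: []tls.Certificate{startup}, GetCertificate: get}, &tls.Config{GetCertificate: get}
}

// servedCN handshakes over an in-memory pipe and returns the served certificate's CommonName. An IP
// literal as name means no SNI is sent; TLS 1.2 keeps flights alternating on the unbuffered pipe.
func servedCN(srv *tls.Config, name string) (string, error) {
	c, s := net.Pipe()
	defer func() { c.Close(); s.Close() }()
	go tls.Server(s, srv).Handshake()
	client := tls.Client(c, &tls.Config{ServerName: name, InsecureSkipVerify: true, MaxVersion: tls.VersionTLS12})
	if err := client.Handshake(); err != nil {
		return "", err
	}
	return client.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}

func main() {
	withStatic, callbackOnly := configs()
	fmt.Println(servedCN(withStatic, "10.0.0.1"))     // dialed by IP, no SNI
	fmt.Println(servedCN(withStatic, "etcd.example")) // dialed by name, SNI sent
	fmt.Println(servedCN(callbackOnly, "10.0.0.1"))   // no static certificate configured
}
```

A monitoring check for rotated certificates should therefore connect the same way the real clients do (by IP or by name), since the two paths can present different certificates.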