Load certificates for each TLS Hello

2026-03-21 08:39:33 +01:00 · 2021-04-02 21:47:00 +02:00
parent d770d27a67
commit 44e4d33fba
1 changed files with 7 additions and 13 deletions
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -58,22 +58,16 @@ func main() {
 	glog.Infof("Running with config: %+v", parameters)
 	//sidecarConfig, err := loadConfig(parameters.sidecarCfgFile)
 	//if err != nil {
 	//	glog.Errorf("Failed to load configuration: %v", err)
 	//}
 	pair, err := tls.LoadX509KeyPair(parameters.certFile, parameters.keyFile)
 	if err != nil {
 		glog.Errorf("Failed to load key pair: %v", err)
 	}
 	whsvr := &WebhookServer{
 		config: &parameters,
 		server: &http.Server{
-			Addr:      fmt.Sprintf(":%v", parameters.port),
+			Addr: fmt.Sprintf(":%v", parameters.port),
-			// TODO: rewrite using GetCertificate
+			// This is quite inefficient as it loads file contents on every TLS ClientHello, but ¯\_(ツ)_/¯
-			TLSConfig: &tls.Config{Certificates: []tls.Certificate{pair}},
+			TLSConfig: &tls.Config{GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 				glog.Infof("Loading certificates")
 				cert, err := tls.LoadX509KeyPair(parameters.certFile, parameters.keyFile)
 				return &cert, err
 			}},
 		},
 	}