mirrors/hysteria
1
0
Fork 0
mirror of https://github.com/apernet/hysteria.git synced 2025-04-03 04:27:39 +03:00
Code Issues Projects Releases Packages Wiki Activity

feat: allow runtime TLS cert updates

Browse source
This commit is contained in:
Toby 2023-12-29 15:06:19 -08:00
parent f0c7af50a5
commit c4993f8dd1
1 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
app/cmd/server.go
View file

@ -252,11 +252,12 @@ func (c *serverConfig) fillTLSConfig(hyConfig *server.Config) error {
if c.TLS.Cert == "" || c.TLS.Key == "" {
return configError{Field: "tls", Err: errors.New("empty cert or key path")}
}
cert, err := tls.LoadX509KeyPair(c.TLS.Cert, c.TLS.Key)
if err != nil {
return configError{Field: "tls", Err: err}
// Use GetCertificate instead of Certificates so that
// users can update the cert without restarting the server.
hyConfig.TLSConfig.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
cert, err := tls.LoadX509KeyPair(c.TLS.Cert, c.TLS.Key)
return &cert, err
}
hyConfig.TLSConfig.Certificates = []tls.Certificate{cert}
} else {
// ACME
dataDir := c.ACME.Dir