make TLS reload thread-safe on TCP listener
@@ -3,6 +3,7 @@ package smtp
|
|||||||
import (
|
import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"net"
|
"net"
|
||||||
|
"sync"
|
||||||
|
|
||||||
"gitlab.com/etke.cc/go/logger"
|
"gitlab.com/etke.cc/go/logger"
|
||||||
)
|
)
|
||||||
@@ -12,6 +13,7 @@ type Listener struct {
|
|||||||
log *logger.Logger
|
log *logger.Logger
|
||||||
done chan struct{}
|
done chan struct{}
|
||||||
tls *tls.Config
|
tls *tls.Config
|
||||||
|
tlsMu sync.Mutex
|
||||||
listener net.Listener
|
listener net.Listener
|
||||||
isBanned func(net.Addr) bool
|
isBanned func(net.Addr) bool
|
||||||
}
|
}
|
||||||
@@ -32,7 +34,9 @@ func NewListener(port string, tlsConfig *tls.Config, isBanned func(net.Addr) boo
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (l *Listener) SetTLSConfig(cfg *tls.Config) {
|
func (l *Listener) SetTLSConfig(cfg *tls.Config) {
|
||||||
|
l.tlsMu.Lock()
|
||||||
l.tls = cfg
|
l.tls = cfg
|
||||||
|
l.tlsMu.Unlock()
|
||||||
}
|
}
|
||||||
|
|
||||||
// Accept waits for and returns the next connection to the listener.
|
// Accept waits for and returns the next connection to the listener.
|
||||||
@@ -57,12 +61,19 @@ func (l *Listener) Accept() (net.Conn, error) {
|
|||||||
l.log.Info("accepted connection from %q", conn.RemoteAddr())
|
l.log.Info("accepted connection from %q", conn.RemoteAddr())
|
||||||
|
|
||||||
if l.tls != nil {
|
if l.tls != nil {
|
||||||
return tls.Server(conn, l.tls), nil
|
return l.acceptTLS(conn)
|
||||||
}
|
}
|
||||||
return conn, nil
|
return conn, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (l *Listener) acceptTLS(conn net.Conn) (net.Conn, error) {
|
||||||
|
l.tlsMu.Lock()
|
||||||
|
defer l.tlsMu.Unlock()
|
||||||
|
|
||||||
|
return tls.Server(conn, l.tls), nil
|
||||||
|
}
|
||||||
|
|
||||||
// Close closes the listener.
|
// Close closes the listener.
|
||||||
// Any blocked Accept operations will be unblocked and return errors.
|
// Any blocked Accept operations will be unblocked and return errors.
|
||||||
func (l *Listener) Close() error {
|
func (l *Listener) Close() error {
|
||||||
|
|||||||
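Review bot: The `if l.tls != nil {` context line just before `return l.acceptTLS(conn)` still reads l.tls without holding tlsMu, so Accept and SetTLSConfig keep racing on the very field the commit sets out to protect, and `go test -race` should still report it; a SetTLSConfig(nil) landing between that check and acceptTLS would also hand tls.Server a nil config, which crypto/tls does not accept. Take one snapshot of the pointer under the lock and branch on the snapshot, so the nil test and the wrap see the same config and the lock is not held across the tls.Server call. Accept's body starts outside the hunk, so the unconditional call below replaces the visible if/else tail. Because l.tls is a pointer, a caller that mutates a shared *tls.Config in place after handing it to SetTLSConfig is still unsynchronised — presumably reload builds a fresh config each time; that expectation is worth a doc comment on SetTLSConfig such as `// SetTLSConfig replaces the config used for new connections; pass a fresh *tls.Config, the stored one is never mutated here.`
```go
	l.log.Info("accepted connection from %q", conn.RemoteAddr())

	return l.acceptTLS(conn)
}

// acceptTLS wraps conn in a TLS server connection when a config is set.
// The config pointer is read once under tlsMu so a concurrent
// SetTLSConfig cannot change it between the nil check and the wrap.
func (l *Listener) acceptTLS(conn net.Conn) (net.Conn, error) {
	l.tlsMu.Lock()
	cfg := l.tls
	l.tlsMu.Unlock()

	if cfg == nil {
		return conn, nil
	}
	return tls.Server(conn, cfg), nil
}
```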
@@ -174,7 +174,7 @@ func (m *Manager) listen(port string, tlsConfig *tls.Config) {
|
|||||||
|
|
||||||
// loadTLSConfig returns true if certs were loaded and false if not
|
// loadTLSConfig returns true if certs were loaded and false if not
|
||||||
func (m *Manager) loadTLSConfig() bool {
|
func (m *Manager) loadTLSConfig() bool {
|
||||||
m.log.Debug("loading SSL certs...")
|
m.log.Info("(re)loading TLS config")
|
||||||
if len(m.tls.Certs) == 0 || len(m.tls.Keys) == 0 {
|
if len(m.tls.Certs) == 0 || len(m.tls.Keys) == 0 {
|
||||||
m.log.Warn("SSL certificates are not provided")
|
m.log.Warn("SSL certificates are not provided")
|
||||||
return false
|
return false
|
||||||
|
|||||||