
Commit ab3db75

committed
If DecisionFunc errors, log it and return currentCert
1 parent cef8e27 commit ab3db75


1 file changed

+20
-17
lines changed


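--- a/handshake.go
+++ b/handshake.go
@@ -627,29 +627,35 @@ func (cfg *Config) renewDynamicCertificate(ctx context.Context, hello *tls.Clien
 	}
 
 	if log != nil {
-		log.Info("attempting certificate renewal",
+		log = log.With(
 			zap.String("server_name", name),
 			zap.Strings("subjects", currentCert.Names),
 			zap.Time("expiration", expiresAt(currentCert.Leaf)),
 			zap.Duration("remaining", timeLeft),
-			zap.Bool("revoked", revoked))
-	}
-
-	// Make sure a certificate for this name should be obtained on-demand
-	err := cfg.checkIfCertShouldBeObtained(name)
-	if err != nil {
-		// if not, remove from cache (it will be deleted from storage later)
-		cfg.certCache.mu.Lock()
-		cfg.certCache.removeCertificate(currentCert)
-		cfg.certCache.mu.Unlock()
-		unblockWaiters()
-		return Certificate{}, err
+			zap.Bool("revoked", revoked),
+		)
 	}
 
 	// Renew and reload the certificate
 	renewAndReload := func(ctx context.Context, cancel context.CancelFunc) (Certificate, error) {
 		defer cancel()
 
+		if log != nil {
+			log.Info("attempting certificate renewal")
+		}
+
+		// Make sure a certificate for this name should be obtained on-demand
+		err := cfg.checkIfCertShouldBeObtained(name)
+		if err != nil {
+			// if not, remove from cache (it will be deleted from storage later)
+			cfg.certCache.mu.Lock()
+			cfg.certCache.removeCertificate(currentCert)
+			cfg.certCache.mu.Unlock()
+			unblockWaiters()
+			log.Error("certificate should not be obtained", zap.Error(err))
+			return Certificate{}, err
+		}
+
 		// otherwise, renew with issuer, etc.
 		var newCert Certificate
 		if revoked {
@@ -679,10 +685,7 @@ func (cfg *Config) renewDynamicCertificate(ctx context.Context, hello *tls.Clien
 
 	if err != nil {
 		if log != nil {
-			log.Error("renewing and reloading certificate",
-				zap.String("server_name", name),
-				zap.Error(err),
-				zap.Bool("forced", revoked))
+			log.Error("renewing and reloading certificate", zap.Error(err))
 		}
 		return newCert, err
 	}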
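Review bot: The new `log.Error("certificate should not be obtained", zap.Error(err))` inside renewAndReload is called without the `if log != nil` guard that every other log call in this function uses (the `log.Info` three lines above and the `log.Error` in the second hunk), so a nil logger would panic in the middle of a TLS handshake. The call should read `if log != nil { log.Error("certificate should not be obtained", zap.Error(err)) }`. Since the check runs on the handshake path for a name an arbitrary client can supply via SNI, it may also be worth confirming that this error-level log cannot be driven to high volume by repeated handshakes for rejected names. Note that the commit message says the decision-function error path returns currentCert, while the hunk still returns `Certificate{}, err` from the closure; if the caller of renewAndReload is what substitutes currentCert, a short comment at the return saying so would avoid the mismatch. renewDynamicCertificate starts before and ends after these hunks.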
