Make certificates optional in ListenAndServeTLS to allow an external callback #172

Open
AlexanderMescheryakov opened this issue Oct 27, 2022 · 0 comments


It seems that currently it's not possible to use a callback for fetching TLS certificates on the fly. It's useful for hot replacement of certificates without the need for an application restart. That might be possible by providing a GetCertificate callback via the tls.Config input of the Server. But the issue is that the ListenAndServeTLS(certFile, keyFile string) unconditionally fills config.Certificates and fails if the certificate files are missing. This can be fixed by means of adding an option into ListenAndServeTLS to skip the lines:
https://github.com/fiorix/go-diameter/blob/master/diam/server.go#L697

```go
config.Certificates = make([]tls.Certificate, 1)
config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
```

Or it might check if the config.GetCertificate is nil and load certificates only in that case.
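The second option proposed above (load the files only when `config.GetCertificate` is nil), paired with a callback that supports hot replacement, as an added example that is not go-diameter's own code. `certStore` and `prepareTLSConfig` are hypothetical names introduced for illustration; only the `crypto/tls` calls are real.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"sync/atomic"
)

// certStore (hypothetical helper) holds the certificate currently served and
// lets it be replaced at runtime without restarting the listener.
type certStore struct{ cur atomic.Value }

// Set installs a new certificate; handshakes that start afterwards use it.
func (s *certStore) Set(c *tls.Certificate) { s.cur.Store(c) }

// GetCertificate matches the signature of tls.Config.GetCertificate.
func (s *certStore) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	if c, ok := s.cur.Load().(*tls.Certificate); ok && c != nil {
		return c, nil
	}
	return nil, fmt.Errorf("no certificate loaded yet")
}

// prepareTLSConfig (hypothetical) applies the check suggested in the issue:
// the key pair is read from disk only when no GetCertificate callback is set.
func prepareTLSConfig(base *tls.Config, certFile, keyFile string) (*tls.Config, error) {
	config := &tls.Config{}
	if base != nil {
		config = base.Clone()
	}
	if config.GetCertificate != nil {
		return config, nil // the callback supplies certificates per handshake
	}
	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return nil, err
	}
	config.Certificates = []tls.Certificate{cert}
	return config, nil
}

func main() {
	store := &certStore{}
	cfg, err := prepareTLSConfig(&tls.Config{GetCertificate: store.GetCertificate}, "", "")
	fmt.Println(len(cfg.Certificates), err) // no files were read
}
```

Until `Set` is called the callback returns an error, so handshakes fail closed rather than proceeding without a certificate.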
