lnd: regenerate TLS certs when they expire

Turtle 2019-04-25 03:09:45 -04:00
parent 8e6b903476
commit f0b2abaec8

30
lnd.go

@ -437,13 +437,39 @@ func getTLSConfig(cfg *config) (*tls.Config, *credentials.TransportCredentials,
} }
} }
cert, err := tls.LoadX509KeyPair(cfg.TLSCertPath, cfg.TLSKeyPath) certData, err := tls.LoadX509KeyPair(cfg.TLSCertPath, cfg.TLSKeyPath)
if err != nil { if err != nil {
return nil, nil, "", err return nil, nil, "", err
} }
cert, err := x509.ParseCertificate(certData.Certificate[0])
if err != nil {
return nil, nil, "", err
}
// If the certificate expired, delete it and the TLS key and generate a new pair
if time.Now().After(cert.NotAfter) {
ltndLog.Info("TLS certificate is expired, generating a new one")
err := os.Remove(cfg.TLSCertPath)
if err != nil {
return nil, nil, "", err
}
err = os.Remove(cfg.TLSKeyPath)
if err != nil {
return nil, nil, "", err
}
err = genCertPair(cfg.TLSCertPath, cfg.TLSKeyPath)
if err != nil {
return nil, nil, "", err
}
}
tlsCfg := &tls.Config{ tlsCfg := &tls.Config{
Certificates: []tls.Certificate{cert}, Certificates: []tls.Certificate{certData},
CipherSuites: tlsCipherSuites, CipherSuites: tlsCipherSuites,
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
} }
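Review bot: After `genCertPair` succeeds inside the expiry branch, `certData` still holds the expired pair loaded at the top of the hunk, and that stale value is what goes into `Certificates: []tls.Certificate{certData}`, so the listener would keep presenting the expired certificate until the next restart. Reload right after regeneration with `certData, err = tls.LoadX509KeyPair(cfg.TLSCertPath, cfg.TLSKeyPath)` and return on error as the neighbouring calls do. Separately, both files are removed before the new pair exists, so a failure in `genCertPair` leaves the node with neither certificate nor key on disk; generating first, or logging that case distinctly, would make recovery easier. getTLSConfig begins and continues outside this hunk, so any later read of the certificate file is not visible here.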