Merge pull request #589 from bhoppi/main
Fix: new cert issuing is incorrectly delayed
commit
7a9e72b133
|
@ -121,7 +121,7 @@ func isCertificateExpired(c *tls.Certificate) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
// If leaf is not there, the certificate is probably not used yet. We trust user to provide a valid certificate.
|
// If leaf is not there, the certificate is probably not used yet. We trust user to provide a valid certificate.
|
||||||
return c.Leaf != nil && c.Leaf.NotAfter.Before(time.Now().Add(-time.Minute))
|
return c.Leaf != nil && c.Leaf.NotAfter.Before(time.Now().Add(time.Minute*2))
|
||||||
}
|
}
|
||||||
|
|
||||||
func issueCertificate(rawCA *Certificate, domain string) (*tls.Certificate, error) {
|
func issueCertificate(rawCA *Certificate, domain string) (*tls.Certificate, error) {
|
||||||
|
@ -173,6 +173,9 @@ func getGetCertificateFunc(c *tls.Config, ca []*Certificate) func(hello *tls.Cli
|
||||||
for _, certificate := range c.Certificates {
|
for _, certificate := range c.Certificates {
|
||||||
if !isCertificateExpired(&certificate) {
|
if !isCertificateExpired(&certificate) {
|
||||||
newCerts = append(newCerts, certificate)
|
newCerts = append(newCerts, certificate)
|
||||||
|
} else if certificate.Leaf != nil {
|
||||||
|
expTime := certificate.Leaf.NotAfter.Format(time.RFC3339)
|
||||||
|
newError("old certificate for ", domain, " (expire on ", expTime, ") discarded").AtInfo().WriteToLog()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -190,6 +193,14 @@ func getGetCertificateFunc(c *tls.Config, ca []*Certificate) func(hello *tls.Cli
|
||||||
newError("failed to issue new certificate for ", domain).Base(err).WriteToLog()
|
newError("failed to issue new certificate for ", domain).Base(err).WriteToLog()
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
parsed, err := x509.ParseCertificate(newCert.Certificate[0])
|
||||||
|
if err == nil {
|
||||||
|
newCert.Leaf = parsed
|
||||||
|
expTime := parsed.NotAfter.Format(time.RFC3339)
|
||||||
|
newError("new certificate for ", domain, " (expire on ", expTime, ") issued").AtInfo().WriteToLog()
|
||||||
|
} else {
|
||||||
|
newError("failed to parse new certificate for ", domain).Base(err).WriteToLog()
|
||||||
|
}
|
||||||
|
|
||||||
access.Lock()
|
access.Lock()
|
||||||
c.Certificates = append(c.Certificates, *newCert)
|
c.Certificates = append(c.Certificates, *newCert)
|
||||||
|
|
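Review bot: When `x509.ParseCertificate` fails, the new `else` branch only logs and execution falls through to `c.Certificates = append(c.Certificates, *newCert)`, so a certificate with a nil `Leaf` is stored. `isCertificateExpired` returns false whenever `c.Leaf == nil`, so such an entry would never be discarded by the expiry loop and could stay in the pool past its NotAfter. Adding `continue` after the parse-failure log, as the issue-failure path just above does, keeps unparseable certificates out of `c.Certificates`. `newCert.Certificate[0]` is also indexed without a length check; the body of `issueCertificate` is not visible here, so confirm it never returns an empty chain. The enclosing closure in `getGetCertificateFunc` starts and ends outside the hunk.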