Skip to content

gofish/certinel

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
fswatcher
fswatcher
 
 
.gitignore
.gitignore
 
 
.golangci.yaml
.golangci.yaml
 
 
.travis.yml
.travis.yml
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
certinel.go
certinel.go
 
 
certinel_test.go
certinel_test.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

certinel Travis CI GoDoc

Certinel is a Go library that makes it even easier to implement zero-hit TLS certificate changes by watching for certificate changes for you. The methods required by tls.Config are already implemented for you.

Right now there's support for listening to file system events on Linux, BSDs, and Windows using the fsnotify library.

Usage

Create the certinel instance, start it with Watch, then pass the GetCertificate method to your tls.Config instance.

package main

import (
	"crypto/tls"
	"log"
	"net/http"

	"github.com/cloudflare/certinel"
	"github.com/cloudflare/certinel/fswatcher"
)

func main() {
	watcher, err := fswatcher.New("/etc/ssl/app.pem", "/etc/ssl/app.key")
	if err != nil {
		log.Fatalf("fatal: unable to read server certificate. err='%s'", err)
	}
	sentinel := certinel.New(watcher, func(err error) {
		log.Printf("error: certinel was unable to reload the certificate. err='%s'", err)
	})

	sentinel.Watch()

	server := http.Server{
		Addr: ":8000",
		TLSConfig: &tls.Config{
			GetCertificate: sentinel.GetCertificate,
		},
	}
	
	server.ListenAndServeTLS("", "")
}

About

A sentry for zero-hit TLS certificate changes in Go

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

 
 
 

Contributors

Languages

  • Go 100.0%