
[tor-commits] [snowflake/master] Add a DirCache for certificates under TOR_PT_STATE_LOCATION.



commit 1f8be86a01bcd322ee89c1d1b749406d4b03273c
Author: David Fifield <david@xxxxxxxxxxxxxxx>
Date:   Sat Jan 21 14:10:10 2017 -0800

    Add a DirCache for certificates under TOR_PT_STATE_LOCATION.
    
    This way, we don't lose state of certificates every time the process is
    restarted. There's a possibility, otherwise, that if you have to restart
    the server rapidly, you might run into Let's Encrypt rate limits and be
    unable to create a cert for a while.
    https://godoc.org/rsc.io/letsencrypt#hdr-Persistent_Storage
---
 server/server.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/server/server.go b/server/server.go
index 62f166d..aec9b51 100644
--- a/server/server.go
+++ b/server/server.go
@@ -19,6 +19,7 @@ import (
 	"net/http"
 	"os"
 	"os/signal"
+	"path/filepath"
 	"strings"
 	"sync"
 	"syscall"
@@ -216,6 +217,14 @@ func startServer(ln net.Listener) (net.Listener, error) {
 	return ln, nil
 }
 
+func getCertificateCacheDir() (string, error) {
+	stateDir, err := pt.MakeStateDir()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(stateDir, "snowflake-certificate-cache"), nil
+}
+
 func main() {
 	var acmeEmail string
 	var acmeHostnamesCommas string
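Review bot: getCertificateCacheDir at the top of the hunk has no doc comment, and a reader cannot tell from its body that the returned directory will hold the ACME account key and the TLS private keys that autocert.DirCache persists. Propose adding above the func `// getCertificateCacheDir returns the directory under the pluggable-transport state location (pt.MakeStateDir) in which ACME certificates and private keys are cached across restarts.` and a short why-comment on the filepath.Join line naming the subdirectory as the cache root that DirCache creates on first use. The error from pt.MakeStateDir is returned unwrapped; `fmt.Errorf("creating certificate cache dir: %w", err)` would tell the operator which step failed, if fmt is already imported in this file (the import block is only partly visible in this diff).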
@@ -253,10 +262,21 @@ func main() {
 	var certManager *autocert.Manager
 	if !disableTLS {
 		log.Printf("ACME hostnames: %q", acmeHostnames)
+
+		var cache autocert.Cache
+		cacheDir, err := getCertificateCacheDir()
+		if err == nil {
+			log.Printf("caching ACME certificates in directory %q", cacheDir)
+			cache = autocert.DirCache(cacheDir)
+		} else {
+			log.Printf("disabling ACME certificate cache: %s", err)
+		}
+
 		certManager = &autocert.Manager{
 			Prompt:     autocert.AcceptTOS,
 			HostPolicy: autocert.HostWhitelist(acmeHostnames...),
 			Email:      acmeEmail,
+			Cache:      cache,
 		}
 	}
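Review bot: When getCertificateCacheDir fails, the `if err == nil` branch leaves `cache` nil and the server keeps running with no persistent cache, so every restart re-requests certificates from the CA — the rate-limit scenario the commit message sets out to avoid — and the only signal is a single log line. Consider whether an unusable state directory should be fatal here (`log.Fatalf("cannot create ACME certificate cache: %s", err)`), or if the degrade-to-memory behaviour is intended, record that choice in a comment above the branch, e.g. `// Fall back to an in-memory certificate cache if the state dir is unusable; certs will be re-issued on each restart.` The cache directory will contain private key material, so it is also worth a comment noting that DirCache is expected to create it with owner-only permissions and that the parent state dir's mode comes from pt.MakeStateDir, which is outside this diff. The enclosing func main continues past the end of the hunk.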
 


