Load ssl cert/key files only once

jaracil · Aug 3, 2016 · b951b53 · b951b53
1 parent f12bc85
commit b951b53
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 14 deletions.
diff --git a/listeners.go b/listeners.go
@@ -1,9 +1,9 @@
 package main
 
 import (
-	"log"
 	"net/url"
 
+	. "github.com/jaracil/nexus/log"
 	"golang.org/x/net/context"
 )
 
@@ -32,13 +32,13 @@ func listeners(ctx context.Context) {
 				go healthCheckListener(u, ctx)
 
 			default:
-				log.Println("Unknown listener: ", u)
+				Log.Errorln("Unknown listener: ", u)
 				mainCancel()
 				return
 			}
 
 		} else {
-			log.Println("Couldn't parse listener:", v)
+			Log.Errorln("Couldn't parse listener:", v)
 			mainCancel()
 			return
 		}

diff --git a/tcplistener.go b/tcplistener.go
@@ -56,21 +56,19 @@ func tcpListener(u *url.URL, ctx context.Context) {
 	}
 }
 
-func loadCerts(_ *tls.ClientHelloInfo) (*tls.Certificate, error) {
+func sslListener(u *url.URL, ctx context.Context) {
+	defer Log.Println("Listener", u, "finished")
+
+	Log.Debugln("Loading SSL cert/key")
 	cert, err := tls.LoadX509KeyPair(opts.SSL.Cert, opts.SSL.Key)
 	if err != nil {
 		Log.Errorln("Cannot load SSL cert/key:", err)
 		exit("cannot load ssl cert/key")
-		return nil, err
+		return
 	}
-	return &cert, nil
-}
-
-func sslListener(u *url.URL, ctx context.Context) {
-	defer Log.Println("Listener", u, "finished")
 
 	tlsConfig := &tls.Config{}
-	tlsConfig.GetCertificate = loadCerts
+	tlsConfig.Certificates = []tls.Certificate{cert}
 
 	listen, err := tls.Listen("tcp", u.Host, tlsConfig)
 	if err != nil && ctx.Err() == nil {
@@ -81,9 +79,6 @@ func sslListener(u *url.URL, ctx context.Context) {
 
 	Log.Println("Listening on", u)
 
-	// Server certs get loaded on first request, so we force one here to crash if certs are missing
-	loadCerts(nil)
-
 	go func() {
 		select {
 		case <-ctx.Done():