Releases: cloudflare/certinel
v0.4.1
v0.4.0
Breaking Changes
For the v0.4.0 release, certinel underwent a large refactor with the aim of making it simpler to safely use certinel in an application. The sentinel implementations (like fswatcher) now directly implement the sentinel interface, with no wrapping in a separate Sentinel struct required!
```go
package main

import (
	"context"
	"crypto/tls"
	"log"
	"net/http"

	"github.com/cloudflare/certinel/fswatcher"
	"github.com/oklog/run"
)

func main() {
	ctx, cancel := context.WithCancel(context.Background())

	// Load the key pair once; a bad pair at startup is fatal.
	certinel, err := fswatcher.New("/etc/ssl/app.pem", "/etc/ssl/app.key")
	if err != nil {
		log.Fatalf("fatal: unable to read server certificate. err='%s'", err)
	}

	g := run.Group{}
	{
		// Actor 1: the watcher, stopped by cancelling its context.
		g.Add(func() error {
			return certinel.Start(ctx)
		}, func(err error) {
			cancel()
		})
	}
	{
		// Actor 2: the TLS listener, which asks the sentinel for the
		// current certificate on every handshake.
		ln, err := tls.Listen("tcp", ":8000", &tls.Config{
			GetCertificate: certinel.GetCertificate,
		})
		if err != nil {
			log.Fatalf("fatal: unable to listen. err='%s'", err)
		}
		g.Add(func() error {
			return http.Serve(ln, nil)
		}, func(err error) {
			ln.Close()
		})
	}

	if err := g.Run(); err != nil {
		log.Fatalf("err='%s'", err)
	}
}
```
Features
This release also implements a new feature:
- The ticker package implements the sentinel interface with a simple ticker. Useful in environments not supported by the fswatcher package.
v0.3.1
- fsnotify: Support configurations where the watched certificate is a symlink. This is common when using certinel inside a Kubernetes pod and the certificate is a volume mount from a secret.
- Fix panic when calling Close immediately after Watch.
v0.3.0
- Add Wait method which blocks on initial load of certificate
v0.2.0
v0.1.1
v0.1.0
Initial Release
- Initial GitHub release of certinel.