x/crypto/acme/autocert: expired cached cert never renewed #20035

Closed
x1ddos opened this issue Apr 19, 2017 · 2 comments
Labels: FrozenDueToAge, NeedsFix (the path to resolution is known, but the work has not been done)

x1ddos commented Apr 19, 2017

From elsewhere:

the problem that restarting a server with an expired cached cert results in the cert never being renewed.
Looking through the code I see the following call graph:

m.GetCertificate -> m.cert -> m.cacheGet -> validCert

The error from validCert is constructed if the cert is already expired: errors.New("acme/autocert: expired certificate").
That error gets passed up to GetCertificate which just errors out if the resulting error is not ErrCacheMiss.
The result is that a new cert is never created since renewal only works if a valid cert was fetched originally.

Creating this bug mostly for myself to track and fix it.

robpike commented Apr 25, 2017

This is related to the Upspin bug:

upspin/upspin#367

bradfitz added the NeedsFix label Apr 25, 2017
@gopherbot

CL https://golang.org/cl/41690 mentions this issue.

golang locked and limited conversation to collaborators Apr 25, 2018
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 28, 2022
A cached cert data may be corrupted or simply contain an expired
certificate, which results in GetCertificate returning an error.

This change makes the Manager ignore those invalid and expired
cache entries, treating them as nonexistent.

Fixes golang/go#20035.

Change-Id: I5345291ecb1aab1cf19671cf0a383135c7102038
Reviewed-on: https://go-review.googlesource.com/41690
Reviewed-by: Brad Fitzpatrick <[email protected]>
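
The failure described in this issue and the behaviour the commit message describes, as a simplified stand-alone model (an added example, not the autocert source). The names `errCacheMiss`, `selfSigned`, `cacheGet`, `getCertificate`, the `tolerant` flag and the host `example.test` are hypothetical, and a self-signed certificate stands in for real ACME issuance.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var errCacheMiss = errors.New("cache miss") // hypothetical stand-in for autocert.ErrCacheMiss

// selfSigned returns a constructed test certificate (DER) valid from nb to na.
func selfSigned(nb, na time.Time) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: nb, NotAfter: na}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	if err != nil {
		panic(err)
	}
	return der
}

// cacheGet returns errCacheMiss for an absent entry, another error for a corrupted or expired one.
func cacheGet(c map[string][]byte, name string, now time.Time) error {
	if len(c[name]) == 0 {
		return errCacheMiss
	}
	leaf, err := x509.ParseCertificate(c[name])
	if err == nil && now.After(leaf.NotAfter) {
		err = errors.New("acme/autocert: expired certificate")
	}
	return err
}

// getCertificate issues only on a miss; tolerant (the fix) also treats a bad entry as a miss.
func getCertificate(c map[string][]byte, name string, now time.Time, tolerant bool) (issued bool, err error) {
	if err = cacheGet(c, name, now); errors.Is(err, errCacheMiss) || (tolerant && err != nil) {
		c[name] = selfSigned(now.Add(-time.Hour), now.Add(2160*time.Hour)) // stands in for ACME issuance
		return true, nil
	}
	return false, err
}

func main() {
	c := map[string][]byte{"example.test": selfSigned(time.Now().Add(-48*time.Hour), time.Now().Add(-24*time.Hour))}
	fmt.Println(getCertificate(c, "example.test", time.Now(), false))
	fmt.Println(getCertificate(c, "example.test", time.Now(), true))
}
```

In strict mode the expired entry stays in the cache, so every later call fails the same way until the entry is deleted by hand; in tolerant mode the first call replaces it.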
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 29, 2022
rsc unassigned x1ddos Jun 23, 2022
LewiGoddard pushed a commit to LewiGoddard/crypto that referenced this issue Feb 16, 2023
BiiChris pushed a commit to BiiChris/crypto that referenced this issue Sep 15, 2023
desdeel2d0m added a commit to desdeel2d0m/crypto that referenced this issue Jul 1, 2024