mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2025-04-30 21:21:42 +03:00
home: imp code
parent
3c985959de
commit
986aebff79
2 changed files with 12 additions and 15 deletions
|
@ -664,7 +664,8 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}, sigHdlr *signalH
|
||||||
globalContext.auth, err = initUsers()
|
globalContext.auth, err = initUsers()
|
||||||
fatalOnError(err)
|
fatalOnError(err)
|
||||||
|
|
||||||
tlsMgr, err := newTLSManager(ctx, slogLogger, config.TLS, config.DNS.ServePlainDNS)
|
tlsMgrLogger := slogLogger.With(slogutil.KeyPrefix, "tls_manager")
|
||||||
|
tlsMgr, err := newTLSManager(ctx, tlsMgrLogger, config.TLS, config.DNS.ServePlainDNS)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("initializing tls: %s", err)
|
log.Error("initializing tls: %s", err)
|
||||||
onConfigModified()
|
onConfigModified()
|
||||||
|
|
|
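Review bot: The error branch right after the new `newTLSManager` call still reports through the older `log.Error("initializing tls: %s", err)`, so a TLS initialization failure does not carry the `tls_manager` prefix that the hunk has just attached to `tlsMgrLogger`. For consistency with the manager's own output I would log it as `tlsMgrLogger.ErrorContext(ctx, "initializing", slogutil.KeyError, err)`. It would also help to add a short comment on that branch saying that startup deliberately continues with an invalid TLS configuration, for example `// TLS may still be configured later; continue without it.`. `run` starts and ends outside the hunk, so whether `log` is needed elsewhere in the function is not visible here.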
@ -50,16 +50,16 @@ type tlsManager struct {
|
||||||
|
|
||||||
// newTLSManager initializes the manager of TLS configuration. m is always
|
// newTLSManager initializes the manager of TLS configuration. m is always
|
||||||
// non-nil while any returned error indicates that the TLS configuration isn't
|
// non-nil while any returned error indicates that the TLS configuration isn't
|
||||||
// valid. Thus TLS may be initialized later, e.g. via the web UI. baseLogger
|
// valid. Thus TLS may be initialized later, e.g. via the web UI. logger must
|
||||||
// must not be nil.
|
// not be nil.
|
||||||
func newTLSManager(
|
func newTLSManager(
|
||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
baseLogger *slog.Logger,
|
logger *slog.Logger,
|
||||||
conf tlsConfigSettings,
|
conf tlsConfigSettings,
|
||||||
servePlainDNS bool,
|
servePlainDNS bool,
|
||||||
) (m *tlsManager, err error) {
|
) (m *tlsManager, err error) {
|
||||||
m = &tlsManager{
|
m = &tlsManager{
|
||||||
logger: baseLogger.With(slogutil.KeyPrefix, "tls_manager"),
|
logger: logger,
|
||||||
status: &tlsConfigStatus{},
|
status: &tlsConfigStatus{},
|
||||||
conf: conf,
|
conf: conf,
|
||||||
servePlainDNS: servePlainDNS,
|
servePlainDNS: servePlainDNS,
|
||||||
|
@ -142,23 +142,18 @@ func (m *tlsManager) reload(ctx context.Context) {
|
||||||
certPath := tlsConf.CertificatePath
|
certPath := tlsConf.CertificatePath
|
||||||
fi, err := os.Stat(certPath)
|
fi, err := os.Stat(certPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
m.logger.ErrorContext(
|
m.logger.ErrorContext(ctx, "checking certificate file", slogutil.KeyError, err)
|
||||||
ctx,
|
|
||||||
"no certificate file at path",
|
|
||||||
"cert_path", certPath,
|
|
||||||
slogutil.KeyError, err,
|
|
||||||
)
|
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if fi.ModTime().UTC().Equal(m.certLastMod) {
|
if fi.ModTime().UTC().Equal(m.certLastMod) {
|
||||||
m.logger.DebugContext(ctx, "certificate file isn't modified")
|
m.logger.InfoContext(ctx, "certificate file is not modified")
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
m.logger.DebugContext(ctx, "certificate file is modified")
|
m.logger.InfoContext(ctx, "certificate file is modified")
|
||||||
|
|
||||||
m.confLock.Lock()
|
m.confLock.Lock()
|
||||||
err = m.load(ctx)
|
err = m.load(ctx)
|
||||||
|
@ -573,11 +568,12 @@ func (m *tlsManager) validateCertChain(
|
||||||
pool.AddCert(cert)
|
pool.AddCert(cert)
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(others) > 0 {
|
othersLen := len(others)
|
||||||
|
if othersLen > 0 {
|
||||||
m.logger.InfoContext(
|
m.logger.InfoContext(
|
||||||
ctx,
|
ctx,
|
||||||
"verifying certificate chain: got an intermediate cert",
|
"verifying certificate chain: got an intermediate cert",
|
||||||
"num", len(others),
|
"num", othersLen,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
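Review bot: In the `reload` hunk the unchanged-file message appears to move from Debug to Info along with the `certificate file is modified` one, so every reload that finds nothing new now writes an Info line. Only the second message records a certificate change that an operator would want at that level, so I would keep the first as `m.logger.DebugContext(ctx, "certificate file is not modified")`. The shortened error call also drops the `"cert_path", certPath` attribute. The error returned by `os.Stat` normally names the path, so the information is probably still logged, but it is no longer a separate field to filter on. `reload` starts and ends outside the hunk, so how often it runs cannot be confirmed from here.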