certwatch

package
v0.66.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 24, 2026 License: BSD-3-Clause, AGPL-3.0 Imports: 9 Imported by: 0

Documentation

Overview

Package certwatch watches TLS certificate files on disk and provides a hot-reloading GetCertificate callback for tls.Config.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Watcher 

type Watcher struct {
	// contains filtered or unexported fields
}

Watcher monitors TLS certificate files on disk and caches the loaded certificate in memory. It detects changes via fsnotify (with a polling fallback for filesystems like NFS that lack inotify support) and reloads the certificate pair automatically.

func NewWatcher 

func NewWatcher(certPath, keyPath string, logger *log.Logger) (*Watcher, error)

NewWatcher creates a Watcher that monitors the given cert and key files. It performs an initial load of the certificate and returns an error if the initial load fails.

func (*Watcher) GetCertificate 

func (w *Watcher) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate returns the current in-memory certificate. It is safe for concurrent use and compatible with tls.Config.GetCertificate.

func (*Watcher) Watch 

func (w *Watcher) Watch(ctx context.Context)

Watch starts watching for certificate file changes. It blocks until ctx is cancelled. It uses fsnotify for immediate detection and falls back to polling if fsnotify is unavailable (e.g. on NFS). Even with fsnotify active, a periodic poll runs as a safety net.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.