diff options
author | Jacob Vosmaer <jacob@gitlab.com> | 2018-03-29 17:18:27 +0300 |
---|---|---|
committer | Jacob Vosmaer <jacob@gitlab.com> | 2018-03-29 17:54:27 +0300 |
commit | a9fefd4ea6aff6618dd6231a1435da4a34df9a93 (patch) | |
tree | 223cd5fec72a5b69b72da630a4c3a1f973d96323 /internal/domain | |
parent | 0ac9dc6b6ab0517ecde4901cc7e3e371d2fe37e8 (diff) |
Make certificate parsing thread-safe
Diffstat (limited to 'internal/domain')
-rw-r--r-- | internal/domain/domain.go | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/internal/domain/domain.go b/internal/domain/domain.go index 0333cebe..f50dacd8 100644 --- a/internal/domain/domain.go +++ b/internal/domain/domain.go @@ -11,6 +11,7 @@ import ( "path/filepath" "strconv" "strings" + "sync" "time" "gitlab.com/gitlab-org/gitlab-pages/internal/httperrors" @@ -33,10 +34,12 @@ type D struct { group string // custom domains: - projectName string - config *domainConfig + projectName string + config *domainConfig + certificate *tls.Certificate certificateError error + certificateOnce sync.Once // group domains: projects projects @@ -294,18 +297,15 @@ func (d *D) EnsureCertificate() (*tls.Certificate, error) { return nil, errors.New("tls certificates can be loaded only for pages with configuration") } - if d.certificate != nil || d.certificateError != nil { - return d.certificate, d.certificateError - } - - tls, err := tls.X509KeyPair([]byte(d.config.Certificate), []byte(d.config.Key)) - if err != nil { - d.certificateError = err - return nil, err - } + d.certificateOnce.Do(func() { + var cert tls.Certificate + cert, d.certificateError = tls.X509KeyPair([]byte(d.config.Certificate), []byte(d.config.Key)) + if d.certificateError == nil { + d.certificate = &cert + } + }) - d.certificate = &tls - return d.certificate, nil + return d.certificate, d.certificateError } // ServeHTTP implements http.Handler. |