clear memoized x509 cert on Cert#cert_pem assignment #10
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When a Puma::Acme::Cert is renewed, the new cert is assigned by calling the cert_pem= method. The instance memoizes the parsed OpenSSL x509 object, but was not taking changes to the cert_pem into account. This was causing renewed certs to keep using the old expir(ed/ing) cert instead of the replacement. The pstore library is capable of marshaling & unmarshaling the @x509 member, so this inconsistency is present in instances loaded from the pstore cache.
geemus
reviewed
Jul 1, 2024
geemus
approved these changes
Jul 1, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When a
Puma::Acme::Certis renewed, the new cert is assigned by calling thecert_pem=method. The instance memoizes the parsed OpenSSL x509 object, but was not taking changes to thecert_peminto account. This was causing renewed certs to keep using the old expired/expiring cert instead of the replacement. The pstore library is capable of marshaling & unmarshaling the@x509member, so this inconsistency is present in instances loaded from the pstore cache.