A minor patch that fixes a race condition when NewAccountFunc changes the ACMEIssuer it is called on.
A new error value is also exposed: ErrNoOCSPServerSpecified to help users determine whether stapling failed only because the certificate doesn't support OCSP.
This release has a few (relatively minor) API changes and additions to enable substantial performance improvements for large certificate deployments; for example, large and busy servers can now update a certificate cache's settings without having to make a new cache. This enables certificates already decoded into memory to remain even after a config change downstream.
:warning: As we are still pre-1.0, there are some breaking API changes in this release. Please take note :smiley:
Highlights
The Config.Manage*() methods are now (basically) a no-op if a managed certificate for the name(s) passed in is already present in the cache. It doesn't really make sense to reload the certificate from storage and decode it and replace it in the cache, because it is managed it will do that automatically when it gets renewed.
Removed Config.Unmanage() since it does not actually rely on the config at all. Replaced with Cache.RemoveManaged(). Removing a managed cert from the cache stops maintenance.
Also added Cache.Remove() which removes a certificate from the cache given its hash.
The methods which load unmanaged certs into the cache now return the cert hash.
Added Cache.SetOptions() to update a cache's config while active.
Clarified the semantics around the Storage and Locker interfaces. This should be useful for implementers.
Fixed a performance bug when On-Demand TLS was used with lots of specified domains (this is uncommon, as most uses of on-demand TLS don't know the domain names ahead of time).
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/caddyserver/certmagic from 0.18.2 to 0.19.1.
Release notes
Sourced from github.com/caddyserver/certmagic's releases.
Commits
51b3190Fix downstream race conditions with NewAccountFunc693a79bDefine a NoOCSPServerSpecified error (#245)1bdc8fdRemove flaky tests...fb1700bGetter method for cert hashf01bd63Only load uncached managed certs from storage93a28b7Make cache options updateable; new remove methodsd8b13dfAdd pki.goog to known public ACME CAs7836d86Change slice to map to avoid O(n^2) performanced8e706fREADME: fix typo in sample code and update (#243)223063dEnhance Storage/Locker comments (fix #242)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)