lib / pq

Pure Go Postgres driver for database/sql
https://pkg.go.dev/github.com/lib/pq
MIT License

ssl: reuse *tls.Config if connection settings are identical #1033

Open kevinburke1 opened 3 years ago

kevinburke1 commented 3 years ago

Previously, we would reload and re-parse a certificate from disk every single time we initialized a connection and the sslrootcert setting was enabled. This results in a lot of allocations that can be avoided.

Instead, save the *tls.Config for a given configuration hash, and reuse it when we see it again.

Fixes #1032.

jmunson commented 2 years ago

Unless I'm missing something, this looks like it would result in a stale certificate staying in memory until your program is restarted. I don't know if it would be appropriate to register a SIGHUP handler in a library to drop the cache, but that would be preferable to needing to restart the service.

Or maybe we could still stat() the file at connect time and re-parse if mtime is newer than what we have cached?