nats-io / nats.go

Golang client for NATS, the cloud native messaging system.
https://nats.io
Apache License 2.0

Automatically detect and handle certificate changes #1363

Open jarretlavallee opened 1 year ago

jarretlavallee commented 1 year ago

Feature Request

Add the ability for the client to detect certificate changes or expiration and automatically reconnect.

Use Case:

It is common to use mTLS client connections with a certificate management system like cert-manager. With this configuration, the certificate may be renewed during the application's lifetime, especially if the certificate has a short TTL. Currently, this means that the application would need to call Connect() again and set up all of the subscriptions, etc. Usually, it is easier to just crash and restart the application.

Proposed Change:

The client automatically reloads the certificate and reconnects when the certificate has expired or is changed.

Who Benefits From The Change(s)?

Anyone that uses mTLS client connections and short TTLs. This problem can be seen in nack and surveyor today if using shorter TTLs in the certificates.

Alternative Approaches

Add a method that the application can call to reload the certificates and reconnect.

nh3000-org commented 1 year ago

Question: If the cert expires, it needs to be regenerated and signed by the server to be reloaded, so how does a cert reload work?