| author | Felix Hanley <felix@userspace.com.au> | 2025-07-22 07:50:24 +0000 |
|---|---|---|
| committer | Felix Hanley <felix@userspace.com.au> | 2025-07-22 07:50:24 +0000 |
| commit | faa33e32b5e967fdfeac96bfc39ed3d94f9514ac (patch) | |
| tree | b7605c2443a054daf1dfceca2d415d5b86445166 /vendor/github.com/smallstep/certificates/authority/linkedca.go | |
| parent | f82adc0030a993ff25cbf70cf81d75900f455e6a (diff) | |
Upgrade to caddy v2.10.0
Diffstat (limited to 'vendor/github.com/smallstep/certificates/authority/linkedca.go')
| -rw-r--r-- | vendor/github.com/smallstep/certificates/authority/linkedca.go | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/vendor/github.com/smallstep/certificates/authority/linkedca.go b/vendor/github.com/smallstep/certificates/authority/linkedca.go
index aa8de3a..3eaa76c 100644
--- a/vendor/github.com/smallstep/certificates/authority/linkedca.go
+++ b/vendor/github.com/smallstep/certificates/authority/linkedca.go
@@ -110,7 +110,7 @@ func newLinkedCAClient(token string) (*linkedCaClient, error) {
 tlsConfig.GetClientCertificate = renewer.GetClientCertificate
 // Start mTLS client
- conn, err := grpc.NewClient(u.Host, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)))
+ conn, err := grpc.Dial(u.Host, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)))
 if err != nil {
 return nil, errors.Wrapf(err, "error connecting %s", u.Host)
 }
@@ -478,7 +478,10 @@ func getAuthority(sans []string) (string, error) {
 // getRootCertificate creates an insecure majordomo client and returns the
 // verified root certificate.
 func getRootCertificate(endpoint, fingerprint string) (*x509.Certificate, error) {
- conn, err := grpc.NewClient(endpoint, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ conn, err := grpc.DialContext(ctx, endpoint, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
 //nolint:gosec // used in bootstrap protocol
 InsecureSkipVerify: true, // lgtm[go/disabled-certificate-check]
 })))
@@ -486,7 +489,7 @@ func getRootCertificate(endpoint, fingerprint string) (*x509.Certificate, error)
 return nil, errors.Wrapf(err, "error connecting %s", endpoint)
 }
- ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
+ ctx, cancel = context.WithTimeout(context.Background(), 15*time.Second)
 defer cancel()
 client := linkedca.NewMajordomoClient(conn)
@@ -528,7 +531,11 @@ func getRootCertificate(endpoint, fingerprint string) (*x509.Certificate, error)
 // login creates a new majordomo client with just the root ca pool and returns
 // the signed certificate and tls configuration.
 func login(authority, token string, csr *x509.CertificateRequest, signer crypto.PrivateKey, endpoint string, rootCAs *x509.CertPool) (*tls.Certificate, *tls.Config, error) {
- conn, err := grpc.NewClient(endpoint, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
+ // Connect to majordomo
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ conn, err := grpc.DialContext(ctx, endpoint, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{
 MinVersion: tls.VersionTLS12,
 RootCAs: rootCAs,
 })))
@@ -537,7 +544,7 @@ func login(authority, token string, csr *x509.CertificateRequest, signer crypto.
 }
 // Login to get the signed certificate
- ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
+ ctx, cancel = context.WithTimeout(context.Background(), 15*time.Second)
 defer cancel()
 client := linkedca.NewMajordomoClient(conn) |
