chore: using tls.Config.GetCertificate/GetClientCertificate to load TLS certificates

2026-02-26 16:57:08 +00:00 · 2025-12-19 12:08:44 +08:00
parent 17966b5418
commit cbcacdbb8c
13 changed files with 127 additions and 51 deletions
--- a/component/ca/config.go
+++ b/component/ca/config.go
@@ -107,12 +107,13 @@ func GetTLSConfig(opt Option) (tlsConfig *tls.Config, err error) {
 	}

 	if len(opt.Certificate) > 0 || len(opt.PrivateKey) > 0 {
-		var cert tls.Certificate
-		cert, err = LoadTLSKeyPair(opt.Certificate, opt.PrivateKey, C.Path)
+		certLoader, err := NewTLSKeyPairLoader(opt.Certificate, opt.PrivateKey, C.Path)
 		if err != nil {
 			return nil, err
 		}
-		tlsConfig.Certificates = []tls.Certificate{cert}
+		tlsConfig.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
+			return certLoader()
+		}
 	}
 	return tlsConfig, nil
 }