This repository has been archived by the owner on Nov 22, 2023. It is now read-only.

Reload certs between retries #83

Open
mcpherrinm opened this issue Jun 24, 2019 · 0 comments

Comments

@mcpherrinm
Contributor

I think we only reload certs when we start a sync.

But if a client cert is invalid (e.g., expired), there's no point in retrying with the same cert.

We saw this after a host had its renewal fail to happen on time, and then once we kicked the renewal, keysync still failed until it gave up retrying. We could have cut down the failure window here.

mcpherrinm added a commit that referenced this issue Aug 9, 2019
TODO:  If we do this all the time, it may increase server CPU as we'll make a
new TLS connection.  So we might want something a bit smarter than this.

But it might fix some issues as outlined in Issue #83
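
An added example (not from the issue or from keysync's code) of the behaviour requested above: the client certificate is reloaded before every retry, and a certificate outside its validity window is rejected locally so it never costs the server a TLS handshake. `syncWithReload`, `checkValidity`, the `load` and `attempt` callbacks and the in-memory sample certificates are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"time"
)

// checkValidity fails fast on a cert that is missing or outside its validity
// window, so an expired cert is never sent to the server in a new handshake.
func checkValidity(c *tls.Certificate, now time.Time) error {
	leaf := c.Leaf // nil unless the loader populated it
	if leaf == nil && len(c.Certificate) > 0 {
		leaf, _ = x509.ParseCertificate(c.Certificate[0]) // nil on parse error
	}
	if leaf == nil || now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return fmt.Errorf("client cert missing or not valid at %s", now.Format(time.RFC3339))
	}
	return nil
}

// syncWithReload (hypothetical, not keysync's API) calls load before every
// try, so a cert renewed while retries are in flight is used by the next one.
func syncWithReload(load func() (*tls.Certificate, error),
	attempt func(*tls.Certificate) error, tries int, wait time.Duration) (n int, err error) {
	for n = 1; n <= tries; n++ {
		var cert *tls.Certificate
		if cert, err = load(); err == nil {
			if err = checkValidity(cert, time.Now()); err == nil {
				if err = attempt(cert); err == nil {
					return n, nil
				}
			}
		}
		time.Sleep(wait) // fixed backoff between tries
	}
	return tries, err
}

func main() { // constructed demo: the cert "on disk" is expired for two loads, then renewed
	ends := []time.Duration{-time.Hour, -time.Hour, time.Hour}
	load := func() (*tls.Certificate, error) {
		c := &tls.Certificate{Leaf: &x509.Certificate{NotAfter: time.Now().Add(ends[0])}}
		ends = ends[1:]
		return c, nil
	}
	fmt.Println(syncWithReload(load, func(*tls.Certificate) error { return nil }, 3, 0))
}
```

In a real client, `load` would wrap `tls.LoadX509KeyPair` on the configured key pair and `attempt` would perform the sync request with that certificate.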