From 45622744e8e10378eb08402606be9159fef8b629 Mon Sep 17 00:00:00 2001 From: Eliza Weisman Date: Fri, 15 Jun 2018 17:32:55 -0700 Subject: [PATCH] Attempt to load TLS settings immediately prior to starting watch (#1137) Previously, the proxy would not attempt to load its TLS certificates until a fs watch detected that one of them had changed. This means that if the proxy was started with valid files already at the configured paths, it would not load them until one of the files changed. This branch fixes that issue by starting the stream of changes with one event _followed_ by any additional changes detected by watching the filesystem. I've manually tested that this fixes the issue, both on Linux and on macOS, and can confirm that this fixes the issue. In addition, when I start writing integration tests for certificate reloading, I'll make sure to include a test to detect any regressions. Closes #1133. Signed-off-by: Eliza Weisman --- proxy/src/transport/tls/config.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/proxy/src/transport/tls/config.rs b/proxy/src/transport/tls/config.rs index ba3b93298..f0a20cc2b 100644 --- a/proxy/src/transport/tls/config.rs +++ b/proxy/src/transport/tls/config.rs @@ -14,7 +14,7 @@ use super::{ webpki, }; -use futures::{future, Future, Stream}; +use futures::{future, stream, Future, Stream}; use futures_watch::Watch; /// Not-yet-validated settings that are used for both TLS clients and TLS @@ -89,7 +89,10 @@ impl CommonSettings { let paths = self.paths().iter() .map(|&p| p.clone()) .collect::>(); - ::fs_watch::stream_changes(paths, interval) + // Generate one "change" immediately before starting to watch + // the files, so that we'll try to load them now if they exist. + stream::once(Ok(())) + .chain(::fs_watch::stream_changes(paths, interval)) .filter_map(move |_| { CommonConfig::load_from_disk(&self) .map_err(|e| warn!("error reloading TLS config: {:?}, falling back", e))