This release has a few (relatively minor) API changes and additions to enable substantial performance improvements for large certificate deployments; for example, large and busy servers can now update a certificate cache's settings without having to make a new cache. This enables certificates already decoded into memory to remain even after a config change downstream.
⚠️ As we are still pre-1.0, there are some breaking API changes in this release. Please take note 😃
Highlights
- The
Config.Manage*()methods are now (basically) a no-op if a managed certificate for the name(s) passed in is already present in the cache. It doesn't really make sense to reload the certificate from storage and decode it and replace it in the cache, because it is managed it will do that automatically when it gets renewed. - Removed
Config.Unmanage()since it does not actually rely on the config at all. Replaced withCache.RemoveManaged(). Removing a managed cert from the cache stops maintenance. - Also added
Cache.Remove()which removes a certificate from the cache given its hash. - The methods which load unmanaged certs into the cache now return the cert hash.
- Added
Cache.SetOptions()to update a cache's config while active. - Clarified the semantics around the Storage and Locker interfaces. This should be useful for implementers.
- Fixed a performance bug when On-Demand TLS was used with lots of specified domains (this is uncommon, as most uses of on-demand TLS don't know the domain names ahead of time).
What's Changed
- README: fix typo in sample code by @bitfehler in #243
New Contributors
- @bitfehler made their first contribution in #243
Full Changelog: v0.18.2...v0.19.0