Skip to content

Check certFile modification time instead of keyFile#3178

Open
rossnelson wants to merge 1 commit intomainfrom
fix/tls-cert-file-mtime
Open

Check certFile modification time instead of keyFile#3178
rossnelson wants to merge 1 commit intomainfrom
fix/tls-cert-file-mtime

Conversation

@rossnelson
Copy link
Collaborator

@rossnelson rossnelson commented Feb 24, 2026

Summary

  • Check certFile modification time instead of keyFile when detecting certificate changes
  • When a certificate is renewed using the same key, the key file remains unchanged — so the old cert was never reloaded
  • Adds test case for cert renewal with key reuse

Based on #2805 by @ndtretyak.

Test plan

  • Existing test passes (regenerate both cert and key)
  • New test passes (regenerate only cert with same key)

@rossnelson
Check certFile modification time instead of keyFile
4fc601e 
The certLoader was using keyFile's modification time to detect
certificate changes. When a certificate is renewed using the same key,
the keyFile remains unchanged and the new cert is never loaded.

This switches to checking certFile's modification time, which correctly
detects renewals regardless of whether the key was rotated.

Based on #2805 by @ndtretyak.
@rossnelson rossnelson requested a review from a team as a code owner February 24, 2026 14:29
@rossnelson rossnelson requested review from andrewzamojc and removed request for a team February 24, 2026 14:29
@vercel
Copy link

vercel bot commented Feb 24, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
holocene Ready Ready Preview, Comment Feb 24, 2026 2:30pm

Request Review

@rossnelson rossnelson mentioned this pull request Feb 24, 2026
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@laurakwhit laurakwhit laurakwhit approved these changes

@andrewzamojc andrewzamojc Awaiting requested review from andrewzamojc andrewzamojc is a code owner automatically assigned from temporalio/frontend-engineering

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rossnelson @laurakwhit