[proxy] Wildcard certificate support (#5583)

2026-04-18 08:16:39 +00:00 · 2026-03-12 16:00:28 +01:00
parent 8f389fef19
commit c545689448
5 changed files with 455 additions and 22 deletions
--- a/proxy/internal/certwatch/watcher.go
+++ b/proxy/internal/certwatch/watcher.go
@@ -67,6 +67,13 @@ func (w *Watcher) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, erro
 	return w.cert, nil
 }

+// Leaf returns the parsed leaf certificate, or nil if not yet loaded.
+func (w *Watcher) Leaf() *x509.Certificate {
+	w.mu.RLock()
+	defer w.mu.RUnlock()
+	return w.leaf
+}
+
 // Watch starts watching for certificate file changes. It blocks until
 // ctx is cancelled. It uses fsnotify for immediate detection and falls
 // back to polling if fsnotify is unavailable (e.g. on NFS).