From 885e4e16c836a1b637fcbd464fb6f96918f50cca Mon Sep 17 00:00:00 2001
From: Eugene Bujak
Date: Tue, 19 Feb 2019 17:52:19 +0300
Subject: [PATCH] /tls/ -- prevent encryption errors when changing certificates mid-request
---
 app.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/app.go b/app.go
index 6fdc8cf7..5485b94a 100644
--- a/app.go
+++ b/app.go
@@ -185,8 +185,13 @@ func run(args options) {
 }
 config.TLS = data // update warnings
- // prepare cert for HTTPS server
- cert, err := tls.X509KeyPair([]byte(config.TLS.CertificateChain), []byte(config.TLS.PrivateKey))
+ // prepare certs for HTTPS server
+ // important -- they have to be copies, otherwise changing the contents in config.TLS will break encryption for in-flight requests
+ certchain := make([]byte, len(config.TLS.CertificateChain))
+ copy(certchain, []byte(config.TLS.CertificateChain))
+ privatekey := make([]byte, len(config.TLS.PrivateKey))
+ copy(privatekey, []byte(config.TLS.PrivateKey))
+ cert, err := tls.X509KeyPair(certchain, privatekey)
 if err != nil {
 log.Fatal(err)
 os.Exit(1)
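Review bot: The added `make`/`copy` pairs for `certchain` and `privatekey` probably do not change any aliasing: the `[]byte(...)` conversions suggest `config.TLS.CertificateChain` and `config.TLS.PrivateKey` are strings, and converting a string to `[]byte` already allocates a fresh slice, so the removed line was passing copies too and the new code only creates one more transient copy of the private key in memory. If the in-flight failures come from another goroutine rewriting `config.TLS` (inferred from the new comment, not visible here), the two fields are still read unsynchronised and at different moments, so a chain from one configuration can be paired with a key from another, and `tls.X509KeyPair` then fails into the `log.Fatal(err)` just below. I would take a single snapshot under whatever lock guards `config`, e.g. `tlsCfg := config.TLS`, and then call `tls.X509KeyPair([]byte(tlsCfg.CertificateChain), []byte(tlsCfg.PrivateKey))`. The body of `run` starts and ends outside this hunk, so any locking around these lines is not visible from here.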