feat(CertificateManager): Implement on-demand certificate retrieval for missing SNI certificates. When no certificate is found for a TLS ClientHello, the system now automatically registers the domain with the Port80Handler to trigger ACME issuance and immediately falls back to using the default certificate to complete the handshake. Additionally, HTTP requests on port 80 for unrecognized domains now return a 503 indicating that certificate issuance is in progress.
This commit is contained in:
@ -1,5 +1,14 @@
|
||||
# Changelog
|
||||
|
||||
## 2025-05-05 - 10.2.0 - feat(CertificateManager)
|
||||
Implement on-demand certificate retrieval for missing SNI certificates. When no certificate is found for a TLS ClientHello, the system now automatically registers the domain with the Port80Handler to trigger ACME issuance and immediately falls back to using the default certificate to complete the handshake. Additionally, HTTP requests on port 80 for unrecognized domains now return a 503 indicating that certificate issuance is in progress.
|
||||
|
||||
- In CertificateManager.handleSNI, if no certificate is cached, call port80Handler.addDomain to trigger on-demand provisioning.
|
||||
- Update Port80Handler.handleRequest to register unknown domains and return a 503 for ACME HTTP-01 challenge requests.
|
||||
- Emit observability events (e.g. certificateRequested) so dynamic certificate requests can be tracked.
|
||||
- Fallback to default SSL context to allow TLS handshake while certificate issuance is performed.
|
||||
- Update and extend unit and integration tests to verify the new on-demand certificate flow.
|
||||
|
||||
## 2025-05-05 - 10.1.0 - feat(smartproxy)
|
||||
Implement fallback to NetworkProxy on missing SNI and rename certProvider to certProvisionFunction in CertProvisioner
|
||||
|
||||
|
||||
Reference in New Issue
Block a user