Stop rotation goroutine on config unload

2025-12-08 06:09:53 +00:00 · 2025-11-24 15:54:05 -07:00 · 2025-11-24 15:54:05 -07:00 · 04e70bbaa0
commit 04e70bbaa0
parent 57d6671ac6
1 changed files with 12 additions and 7 deletions
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@ -423,13 +423,18 @@ func (t *TLS) Start() error {

 		// keep ECH keys rotated
 		go func() {
-			for range time.Tick(1 * time.Hour) {
-				// ensure old keys are rotated out
-				t.EncryptedClientHello.configsMu.Lock()
-				err = t.EncryptedClientHello.rotateECHKeys(t.ctx, echLogger, false)
-				t.EncryptedClientHello.configsMu.Unlock()
-				if err != nil {
-					echLogger.Error("rotating ECH configs failed", zap.Error(err))
+			for {
+				select {
+				case <-time.After(1 * time.Hour):
+					// ensure old keys are rotated out
+					t.EncryptedClientHello.configsMu.Lock()
+					err = t.EncryptedClientHello.rotateECHKeys(t.ctx, echLogger, false)
+					t.EncryptedClientHello.configsMu.Unlock()
+					if err != nil {
+						echLogger.Error("rotating ECH configs failed", zap.Error(err))
+					}
+				case <-t.ctx.Done():
+					return
 				}
 			}
 		}()