Attempt to fix TestBootstrapClientServerRotation

This change attempts to fix the test TestBootstrapClientServerRotation. Due to the backdate, the renew options get too large, causing continuous renewals, and random errors. After experimenting with different options, truncating durations to seconds have shown better results than rounding or just use the plain time.
2 years ago · ba0b170818
parent 082734474b
commit ba0b170818
1 changed files with 5 additions and 2 deletions
--- a/ca/renew.go
+++ b/ca/renew.go
@ -60,7 +60,10 @@ func NewTLSRenewer(cert *tls.Certificate, fn RenewFunc, opts ...tlsRenewerOption
 		}
 	}

-	period := cert.Leaf.NotAfter.Sub(cert.Leaf.NotBefore)
+	// Use the current time to calculate the initial period. Using a notBefore
+	// in the past might set a renewBefore too large, causing continuous
+	// renewals due to the negative values in nextRenewDuration.
+	period := cert.Leaf.NotAfter.Sub(time.Now().Truncate(time.Second))
 	if period < minCertDuration {
 		return nil, errors.Errorf("period must be greater than or equal to %s, but got %v.", minCertDuration, period)
 	}
@ -181,7 +184,7 @@ func (r *TLSRenewer) renewCertificate() {
 }

 func (r *TLSRenewer) nextRenewDuration(notAfter time.Time) time.Duration {
-	d := time.Until(notAfter) - r.renewBefore
+	d := time.Until(notAfter).Truncate(time.Second) - r.renewBefore
 	n := rand.Int63n(int64(r.renewJitter))
 	d -= time.Duration(n)
 	if d < 0 {