Revert "Only create new client if ca file changed"

This reverts commit c63387b.
prometheus · Nov 30, 2021 · de05404 · de05404
1 parent c63387b
commit de05404
Showing 1 changed file with 13 additions and 16 deletions.
diff --git a/config/http_config.go b/config/http_config.go
@@ -847,30 +847,27 @@ func (t *tlsRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
 	}
 
 	t.mtx.RLock()
-	caEqual := bytes.Equal(caHash[:], t.hashCAFile)
-	certKeyEqual := bytes.Equal(certHash[:], t.hashCertFile) && bytes.Equal(keyHash[:], t.hashKeyFile)
+	equal := bytes.Equal(caHash[:], t.hashCAFile) &&
+		bytes.Equal(certHash[:], t.hashCertFile) &&
+		bytes.Equal(keyHash[:], t.hashKeyFile)
 	rt := t.rt
 	t.mtx.RUnlock()
-	if caEqual && certKeyEqual {
+	if equal {
 		// The CA cert hasn't changed, use the existing RoundTripper.
 		return rt.RoundTrip(req)
 	}
 
+	// Create a new RoundTripper.
 	// The cert and key files are read separately by the client
-	// using GetClientCertificate, therefore the RoundTripper
-	// doesn't need to be updated if only they are changed.
-	if !caEqual {
-		// Create a new RoundTripper.
-		tlsConfig := t.tlsConfig.Clone()
-		if !updateRootCA(tlsConfig, caData) {
-			return nil, fmt.Errorf("unable to use specified CA cert %s", t.caFile)
-		}
-		rt, err = t.newRT(tlsConfig)
-		if err != nil {
-			return nil, err
-		}
+	// using GetClientCertificate.
+	tlsConfig := t.tlsConfig.Clone()
+	if !updateRootCA(tlsConfig, caData) {
+		return nil, fmt.Errorf("unable to use specified CA cert %s", t.caFile)
+	}
+	rt, err = t.newRT(tlsConfig)
+	if err != nil {
+		return nil, err
 	}
-
 	t.CloseIdleConnections()
 
 	t.mtx.Lock()