Skip to content

feat: automatic mTLS certificate regeneration and retry mechanism #224

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fioan89 merged 2 commits into from
Dec 1, 2025
Merged

feat: automatic mTLS certificate regeneration and retry mechanism #224

fioan89 merged 2 commits into from
Dec 1, 2025

Conversation

@fioan89
Copy link
Collaborator

@fioan89 fioan89 commented Nov 26, 2025

This adds support for automatically recovering from SSL handshake errors when certificates expired. When an SSL error occurs, the plugin will now attempt to execute a configured external command to refresh certificates. If successful, the SSL context is reloaded and the failed request is transparently retried. This improves reliability in environments with short-lived or frequently rotating certificates.

Netflix requested this, they don't have a reliable mechanism to detect and refresh the certificates before any major disruption in Coder Toolbox.

@fioan89
feat: automatic mTLS certificate regeneration and retry mechanism
3f5c8c4 
This adds support for automatically recovering from SSL handshake errors when certificates expired.
When an SSL error occurs, the plugin will now attempt to execute a configured external command
to refresh certificates. If successful, the SSL context is reloaded and the failed request is
transparently retried. This improves reliability in environments with short-lived or frequently
rotating certificates.

Netflix requested this, they don't have a reliable mechanism to detect and refresh the certificates
before any major disruption in Coder Toolbox.
@fioan89
chore: update changelog
e3d42e9
@fioan89 fioan89 marked this pull request as draft November 26, 2025 22:07
code-asher
code-asher approved these changes Dec 1, 2025
View reviewed changes
Copy link
Member

@code-asher code-asher left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Neat! Do you know if we have plans to do this for the VS Code extension as well?

@fioan89 fioan89 marked this pull request as ready for review December 1, 2025 23:03
@fioan89
Copy link
Collaborator Author

fioan89 commented Dec 1, 2025

Neat! Do you know if we have plans to do this for the VS Code extension as well?

Yes.. it should be and I talked with @jcjiang to implement this on VS Code but I'm not sure when it will be. Netflix was apparently keen to have this in Toolbox.

@fioan89 fioan89 merged commit 912237d into main Dec 1, 2025
6 checks passed
@fioan89 fioan89 deleted the support-for-mtls-cert-refresh branch December 1, 2025 23:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@code-asher code-asher code-asher approved these changes

@f0ssel f0ssel Awaiting requested review from f0ssel

@jcjiang jcjiang Awaiting requested review from jcjiang

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fioan89 @code-asher