I recently implemented autocert to generate certificates; it works quite well for me :+1:
I did run into one snag: the DirCache implementation stores the generated certificates as just the domain name; e.g. test.example.com, rather than test.example.com.pem.
I also use the generated certificates with an external TLS proxy (hitch), and loading the certificates like this isn't possible since it will error out on non-certificate files like acme_account+key, which strikes me as reasonable behaviour on hitch's part.
If they would be stored as *.pem I could tell hitch to load only those files, which works.
I worked around this by wrapping the DirCache as below, but I think it might be reasonable to change the behaviour of DirCache to always do this?
```go
import (
	"context"
	"strings"

	"golang.org/x/crypto/acme/autocert"
)

// cache is like autocert.DirCache, but ensures that certificates end with .pem.
type cache struct{ dc autocert.DirCache }

func NewCache(dir string) cache { return cache{dc: autocert.DirCache(dir)} }

func (d cache) Get(ctx context.Context, key string) ([]byte, error) {
	if !strings.Contains(key, "+") {
		key += ".pem"
	}
	return d.dc.Get(ctx, key)
}

func (d cache) Delete(ctx context.Context, key string) error {
	if !strings.Contains(key, "+") {
		key += ".pem"
	}
	return d.dc.Delete(ctx, key)
}

func (d cache) Put(ctx context.Context, key string, data []byte) error {
	if !strings.Contains(key, "+") {
		key += ".pem"
	}
	return d.dc.Put(ctx, key, data)
}
```
Comment From: toothrot
/cc @bradfitz @x1ddos
Comment From: slrz
Given the existence of an easy workaround, I'd prefer to not change the behaviour of file name = host name.
Comment From: arp242
I wouldn't exactly call it "easy" @slrz. I mean, the code as such is easy enough to follow, but it took me a while and reading through the code to figure out that checking for + would be a reliable way to filter the non-certificate files, and it's kind of an internal detail of DirCache that may change in the future.
Comment From: seankhliao
Given how simple DirCache is... I'd say if you have different needs then either forking or wrapping are both reasonable solutions.
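
An alternative to keying on `+` in the file name, as an added example (not code from this thread or from autocert): classify cache entries by their PEM block types and copy only key-plus-certificate bundles into a separate directory that hitch loads. It assumes a certificate entry holds a private key block together with one or more CERTIFICATE blocks and that the account key file holds only a key; `isCertBundle` and `exportPEM` are hypothetical names.

```go
package main

import (
	"encoding/pem"
	"log"
	"os"
	"path/filepath"
	"strings"
)

// isCertBundle: true if data has a private key block and a CERTIFICATE block (assumed entry layout).
func isCertBundle(data []byte) bool {
	var key, cert bool
	for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
		cert = cert || b.Type == "CERTIFICATE"
		key = key || strings.HasSuffix(b.Type, "PRIVATE KEY")
	}
	return key && cert
}

// exportPEM copies each bundle in src to dst as <name>.pem (mode 0600), returning the names.
func exportPEM(src, dst string) ([]string, error) {
	entries, err := os.ReadDir(src)
	if err != nil {
		return nil, err
	}
	var out []string
	for _, e := range entries {
		if !e.Type().IsRegular() {
			continue // directories, symlinks, sockets
		}
		data, err := os.ReadFile(filepath.Join(src, e.Name()))
		if err != nil || !isCertBundle(data) {
			continue // unreadable, or not a key+certificate bundle
		}
		name := e.Name() + ".pem"
		if err := os.WriteFile(filepath.Join(dst, name), data, 0o600); err != nil {
			return out, err
		}
		out = append(out, name)
	}
	return out, nil
}

func main() {
	if len(os.Args) != 3 {
		log.Fatal("usage: exportpem <dircache-dir> <pem-dir>")
	}
	log.Println(exportPEM(os.Args[1], os.Args[2]))
}
```

Because the copies contain private keys, the destination directory should be readable only by the user hitch runs as.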