Wrap Listener to also return dynamiclistener config

listener.go

@@ -34,12 +34,18 @@ type SetFactory interface {
 	SetFactory(tls TLSFactory)
 }
 
+type Listener struct {
+	TLSListener net.Listener
+	Handler     http.Handler
+	Listener    *listener
+}
+
 // Deprecated: Use NewListenerWithChain instead as it supports intermediate CAs
-func NewListener(l net.Listener, storage TLSStorage, caCert *x509.Certificate, caKey crypto.Signer, config Config) (net.Listener, http.Handler, error) {
+func NewListener(l net.Listener, storage TLSStorage, caCert *x509.Certificate, caKey crypto.Signer, config Config) (*Listener, error) {
 	return NewListenerWithChain(l, storage, []*x509.Certificate{caCert}, caKey, config)
 }
 
-func NewListenerWithChain(l net.Listener, storage TLSStorage, caCert []*x509.Certificate, caKey crypto.Signer, config Config) (net.Listener, http.Handler, error) {
+func NewListenerWithChain(l net.Listener, storage TLSStorage, caCert []*x509.Certificate, caKey crypto.Signer, config Config) (*Listener, error) {
 	if config.CN == "" {
 		config.CN = "dynamic"
 	}
@@ -85,15 +91,14 @@ func NewListenerWithChain(l net.Listener, storage TLSStorage, caCert []*x509.Cer
 		setter.SetFactory(dynamicListener.factory)
 	}
 
-	if config.RegenerateCerts != nil && config.RegenerateCerts() {
-		if err := dynamicListener.regenerateCerts(); err != nil {
-			return nil, nil, err
-		}
-	}
-
 	tlsListener := tls.NewListener(dynamicListener.WrapExpiration(config.ExpirationDaysCheck), dynamicListener.tlsConfig)
 
-	return tlsListener, dynamicListener.cacheHandler(), nil
+	return &Listener{
+		TLSListener: tlsListener,
+		Handler:     dynamicListener.cacheHandler(),
+		Listener:    dynamicListener,
+	}, nil
+
 }
 
 func allowDefaultSANs(sans []string, next func(...string) []string) func(...string) []string {
@@ -143,7 +148,6 @@ type Config struct {
 	MaxSANs               int
 	ExpirationDaysCheck   int
 	CloseConnOnCertChange bool
-	RegenerateCerts       func() bool
 	FilterCN              func(...string) []string
 }
 
@@ -202,9 +206,9 @@ func (l *listener) WrapExpiration(days int) net.Listener {
 	}
 }
 
-// regenerateCerts regenerates the used certificates and
+// RegenerateCerts regenerates the used certificates and
 // updates the secret.
-func (l *listener) regenerateCerts() error {
+func (l *listener) RegenerateCerts() error {
 	l.Lock()
 	defer l.Unlock()
 

server/server.go

@@ -144,12 +144,12 @@ func getTLSListener(ctx context.Context, tcp net.Listener, handler http.Handler,
 		return nil, nil, err
 	}
 
-	listener, dynHandler, err := dynamiclistener.NewListenerWithChain(tcp, storage, caCert, caKey, opts.TLSListenerConfig)
+	listener, err := dynamiclistener.NewListenerWithChain(tcp, storage, caCert, caKey, opts.TLSListenerConfig)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	return listener, wrapHandler(dynHandler, handler), nil
+	return listener.TLSListener, wrapHandler(listener.Handler, handler), nil
 }
 
 func getCA(opts ListenOpts) ([]*x509.Certificate, crypto.Signer, error) {