itsi 0.1.4 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e3af10f03274d8f16b8ef964b4c97825c85f89898c136c9d105405b46581cfdb
-  data.tar.gz: 3254b73a71c5c56e6f1cf30249b1edbd865d9ee22dc9ae350e4e93adea778c81
+  metadata.gz: 3c3da3f1e894f11eff41ba4294705e11b323b0c67ced5056ded2ba3bf3fe214e
+  data.tar.gz: 7f47c950da4d638c639a9a5045bc21c6b9a1fa33180700bce2a1605816067ce2
 SHA512:
-  metadata.gz: e7c3e0561e32e4dfcf5b06e7a0a860f715b0cc9faf8f0f52da73e7051141617d4945cabaa2acce7fed74ae110dc1591bd9b38d035d0db75d538e063254478948
-  data.tar.gz: 7065897feb5a41ffe7cb5e2e0d7ca38790ed26498e2a0ed203a2575c95895ca6c9d22a9f2a45ba66ed599399ad6f0b4b50f229f34b074a1994ae560ab5774e2a
+  metadata.gz: 97a77b338eb51a461bc93d8f822111cd7582105252174fd4b29665eb6be508acb1ad314afa4286bba915d57da38d78922a81cc7a32c61a9c95495aee6f348aff
+  data.tar.gz: 0c1484b3474f3a1acf5df54eeb0657a1dc4e5fb8d63a388576f39a9883e6bb19acb9630fedb19852d55c78bf4d81553ab0337201a573516c9a52da66988959a9

data/Cargo.lock

@@ -434,7 +434,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d"
 dependencies = [
  "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -479,6 +479,16 @@ dependencies = [
  "percent-encoding",
 ]
 
+[[package]]
+name = "fs2"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9564fc758e15025b46aa6643b1b77d047d1a56a1aea6e01002ac0c7026876213"
+dependencies = [
+ "libc",
+ "winapi",
+]
+
 [[package]]
 name = "fs_extra"
 version = "1.3.0"
@@ -974,10 +984,12 @@ name = "itsi-server"
 version = "0.1.0"
 dependencies = [
  "async-channel",
+ "async-trait",
  "base64",
  "bytes",
  "crossbeam",
  "derive_more",
+ "fs2",
  "futures",
  "http",
  "http-body-util",
@@ -993,6 +1005,7 @@ dependencies = [
  "pin-project",
  "rb-sys",
  "rcgen",
+ "ring",
  "rustls",
  "rustls-pemfile",
  "socket2",
@@ -1480,7 +1493,7 @@ dependencies = [
  "once_cell",
  "socket2",
  "tracing",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -1684,9 +1697,9 @@ dependencies = [
 
 [[package]]
 name = "ring"
-version = "0.17.11"
+version = "0.17.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da5349ae27d3887ca812fb375b45a4fbb36d8d12d2df394968cd86e35683fe73"
+checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
 dependencies = [
  "cc",
  "cfg-if",
@@ -1733,7 +1746,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys 0.4.15",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -1746,7 +1759,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys 0.9.2",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -1997,7 +2010,7 @@ dependencies = [
  "getrandom 0.3.1",
  "once_cell",
  "rustix 1.0.1",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]

data/crates/itsi_server/Cargo.toml

@@ -41,3 +41,6 @@ tempfile = "3.18.0"
 sysinfo = "0.33.1"
 tokio-rustls-acme = "0.6.0"
 rustls = "0.23.23"
+fs2 = "0.4.3"
+ring = "0.17.14"
+async-trait = "0.1.87"

data/crates/itsi_server/src/server/listener.rs

@@ -78,8 +78,9 @@ impl TokioListener {
         {
             let mut state = state.lock().await;
             loop {
-                if let Some(event) = StreamExt::next(&mut *state).await {
-                    info!("Received acme event: {:?}", event)
+                match StreamExt::next(&mut *state).await {
+                    Some(event) => info!("Received acme event: {:?}", event),
+                    None => error!("Received no acme event"),
                 }
             }
         }
@@ -96,19 +97,19 @@ impl TokioListener {
             }
             ItsiTlsAcceptor::Automatic(acme_acceptor, _, rustls_config) => {
                 let accept_future = acme_acceptor.accept(tcp_stream.0);
-                match accept_future.await.unwrap() {
-                    None => Err(ItsiError::Pass()),
-                    Some(start_handshake) => {
-                        let tls_stream = start_handshake
-                            .into_stream(rustls_config.clone())
-                            .await
-                            .unwrap();
-                        // Wrap in your IoStream::TcpTls variant
+                match accept_future.await {
+                    Ok(None) => Err(ItsiError::Pass()),
+                    Ok(Some(start_handshake)) => {
+                        let tls_stream = start_handshake.into_stream(rustls_config.clone()).await?;
                         Ok(IoStream::TcpTls {
                             stream: tls_stream,
                             addr: SockAddr::Tcp(Arc::new(tcp_stream.1)),
                         })
                     }
+                    Err(error) => {
+                        error!(error = format!("{:?}", error));
+                        Err(ItsiError::Pass())
+                    }
                 }
             }
         }

data/crates/itsi_server/src/server/tls/locked_dir_cache.rs

@@ -0,0 +1,94 @@
+use async_trait::async_trait;
+use fs2::FileExt; // for lock_exclusive, unlock
+use std::fs::OpenOptions;
+use std::io::Error as IoError;
+use std::path::{Path, PathBuf};
+use tokio_rustls_acme::caches::DirCache;
+use tokio_rustls_acme::{AccountCache, CertCache};
+
+/// A wrapper around DirCache that locks a file before writing cert/account data.
+pub struct LockedDirCache<P: AsRef<Path> + Send + Sync> {
+    inner: DirCache<P>,
+    lock_path: PathBuf,
+}
+
+impl<P: AsRef<Path> + Send + Sync> LockedDirCache<P> {
+    pub fn new(dir: P) -> Self {
+        let dir_path = dir.as_ref().to_path_buf();
+        let lock_path = dir_path.join(".acme.lock");
+        Self {
+            inner: DirCache::new(dir),
+            lock_path,
+        }
+    }
+
+    fn lock_exclusive(&self) -> Result<std::fs::File, IoError> {
+        let lockfile = OpenOptions::new()
+            .write(true)
+            .truncate(true)
+            .open(&self.lock_path)?;
+        lockfile.lock_exclusive()?;
+        Ok(lockfile)
+    }
+}
+
+#[async_trait]
+impl<P: AsRef<Path> + Send + Sync> CertCache for LockedDirCache<P> {
+    type EC = IoError;
+
+    async fn load_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EC> {
+        // Just delegate to the inner DirCache
+        self.inner.load_cert(domains, directory_url).await
+    }
+
+    async fn store_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+        cert: &[u8],
+    ) -> Result<(), Self::EC> {
+        // Acquire the lock before storing
+        let lockfile = self.lock_exclusive()?;
+
+        // Perform the store operation
+        let result = self.inner.store_cert(domains, directory_url, cert).await;
+
+        // Unlock and return
+        let _ = fs2::FileExt::unlock(&lockfile);
+        result
+    }
+}
+
+#[async_trait]
+impl<P: AsRef<Path> + Send + Sync> AccountCache for LockedDirCache<P> {
+    type EA = IoError;
+
+    async fn load_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EA> {
+        self.inner.load_account(contact, directory_url).await
+    }
+
+    async fn store_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+        account: &[u8],
+    ) -> Result<(), Self::EA> {
+        let lockfile = self.lock_exclusive()?;
+
+        let result = self
+            .inner
+            .store_account(contact, directory_url, account)
+            .await;
+
+        let _ = fs2::FileExt::unlock(&lockfile);
+        result
+    }
+}

data/crates/itsi_server/src/server/tls.rs

@@ -1,6 +1,7 @@
 use base64::{engine::general_purpose, Engine as _};
 use itsi_error::Result;
 use itsi_tracing::info;
+use locked_dir_cache::LockedDirCache;
 use rcgen::{CertificateParams, DnType, KeyPair, SanType};
 use rustls::pki_types::{CertificateDer, PrivateKeyDer};
 use rustls_pemfile::{certs, pkcs8_private_keys};
@@ -12,8 +13,8 @@ use std::{
 };
 use tokio::sync::Mutex;
 use tokio_rustls::{rustls::ServerConfig, TlsAcceptor};
-use tokio_rustls_acme::{caches::DirCache, AcmeAcceptor, AcmeConfig, AcmeState};
-
+use tokio_rustls_acme::{AcmeAcceptor, AcmeConfig, AcmeState};
+mod locked_dir_cache;
 const ITS_CA_CERT: &str = include_str!("./itsi_ca/itsi_ca.crt");
 const ITS_CA_KEY: &str = include_str!("./itsi_ca/itsi_ca.key");
 
@@ -50,7 +51,7 @@ pub fn configure_tls(
             );
             let acme_state = AcmeConfig::new(domains)
                 .contact(["mailto:wc@pico.net.nz"])
-                .cache(DirCache::new("./rustls_acme_cache"))
+                .cache(LockedDirCache::new("./rustls_acme_cache"))
                 .directory(directory_url)
                 .state();
             let rustls_config = ServerConfig::builder()

data/gems/scheduler/ext/itsi_server/Cargo.toml

@@ -41,3 +41,6 @@ tempfile = "3.18.0"
 sysinfo = "0.33.1"
 tokio-rustls-acme = "0.6.0"
 rustls = "0.23.23"
+fs2 = "0.4.3"
+ring = "0.17.14"
+async-trait = "0.1.87"

data/gems/scheduler/ext/itsi_server/src/server/listener.rs

@@ -78,8 +78,9 @@ impl TokioListener {
         {
             let mut state = state.lock().await;
             loop {
-                if let Some(event) = StreamExt::next(&mut *state).await {
-                    info!("Received acme event: {:?}", event)
+                match StreamExt::next(&mut *state).await {
+                    Some(event) => info!("Received acme event: {:?}", event),
+                    None => error!("Received no acme event"),
                 }
             }
         }
@@ -96,19 +97,19 @@ impl TokioListener {
             }
             ItsiTlsAcceptor::Automatic(acme_acceptor, _, rustls_config) => {
                 let accept_future = acme_acceptor.accept(tcp_stream.0);
-                match accept_future.await.unwrap() {
-                    None => Err(ItsiError::Pass()),
-                    Some(start_handshake) => {
-                        let tls_stream = start_handshake
-                            .into_stream(rustls_config.clone())
-                            .await
-                            .unwrap();
-                        // Wrap in your IoStream::TcpTls variant
+                match accept_future.await {
+                    Ok(None) => Err(ItsiError::Pass()),
+                    Ok(Some(start_handshake)) => {
+                        let tls_stream = start_handshake.into_stream(rustls_config.clone()).await?;
                         Ok(IoStream::TcpTls {
                             stream: tls_stream,
                             addr: SockAddr::Tcp(Arc::new(tcp_stream.1)),
                         })
                     }
+                    Err(error) => {
+                        error!(error = format!("{:?}", error));
+                        Err(ItsiError::Pass())
+                    }
                 }
             }
         }

data/gems/scheduler/ext/itsi_server/src/server/tls/locked_dir_cache.rs

@@ -0,0 +1,94 @@
+use async_trait::async_trait;
+use fs2::FileExt; // for lock_exclusive, unlock
+use std::fs::OpenOptions;
+use std::io::Error as IoError;
+use std::path::{Path, PathBuf};
+use tokio_rustls_acme::caches::DirCache;
+use tokio_rustls_acme::{AccountCache, CertCache};
+
+/// A wrapper around DirCache that locks a file before writing cert/account data.
+pub struct LockedDirCache<P: AsRef<Path> + Send + Sync> {
+    inner: DirCache<P>,
+    lock_path: PathBuf,
+}
+
+impl<P: AsRef<Path> + Send + Sync> LockedDirCache<P> {
+    pub fn new(dir: P) -> Self {
+        let dir_path = dir.as_ref().to_path_buf();
+        let lock_path = dir_path.join(".acme.lock");
+        Self {
+            inner: DirCache::new(dir),
+            lock_path,
+        }
+    }
+
+    fn lock_exclusive(&self) -> Result<std::fs::File, IoError> {
+        let lockfile = OpenOptions::new()
+            .write(true)
+            .truncate(true)
+            .open(&self.lock_path)?;
+        lockfile.lock_exclusive()?;
+        Ok(lockfile)
+    }
+}
+
+#[async_trait]
+impl<P: AsRef<Path> + Send + Sync> CertCache for LockedDirCache<P> {
+    type EC = IoError;
+
+    async fn load_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EC> {
+        // Just delegate to the inner DirCache
+        self.inner.load_cert(domains, directory_url).await
+    }
+
+    async fn store_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+        cert: &[u8],
+    ) -> Result<(), Self::EC> {
+        // Acquire the lock before storing
+        let lockfile = self.lock_exclusive()?;
+
+        // Perform the store operation
+        let result = self.inner.store_cert(domains, directory_url, cert).await;
+
+        // Unlock and return
+        let _ = fs2::FileExt::unlock(&lockfile);
+        result
+    }
+}
+
+#[async_trait]
+impl<P: AsRef<Path> + Send + Sync> AccountCache for LockedDirCache<P> {
+    type EA = IoError;
+
+    async fn load_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EA> {
+        self.inner.load_account(contact, directory_url).await
+    }
+
+    async fn store_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+        account: &[u8],
+    ) -> Result<(), Self::EA> {
+        let lockfile = self.lock_exclusive()?;
+
+        let result = self
+            .inner
+            .store_account(contact, directory_url, account)
+            .await;
+
+        let _ = fs2::FileExt::unlock(&lockfile);
+        result
+    }
+}

data/gems/scheduler/ext/itsi_server/src/server/tls.rs

@@ -1,6 +1,7 @@
 use base64::{engine::general_purpose, Engine as _};
 use itsi_error::Result;
 use itsi_tracing::info;
+use locked_dir_cache::LockedDirCache;
 use rcgen::{CertificateParams, DnType, KeyPair, SanType};
 use rustls::pki_types::{CertificateDer, PrivateKeyDer};
 use rustls_pemfile::{certs, pkcs8_private_keys};
@@ -12,8 +13,8 @@ use std::{
 };
 use tokio::sync::Mutex;
 use tokio_rustls::{rustls::ServerConfig, TlsAcceptor};
-use tokio_rustls_acme::{caches::DirCache, AcmeAcceptor, AcmeConfig, AcmeState};
-
+use tokio_rustls_acme::{AcmeAcceptor, AcmeConfig, AcmeState};
+mod locked_dir_cache;
 const ITS_CA_CERT: &str = include_str!("./itsi_ca/itsi_ca.crt");
 const ITS_CA_KEY: &str = include_str!("./itsi_ca/itsi_ca.key");
 
@@ -50,7 +51,7 @@ pub fn configure_tls(
             );
             let acme_state = AcmeConfig::new(domains)
                 .contact(["mailto:wc@pico.net.nz"])
-                .cache(DirCache::new("./rustls_acme_cache"))
+                .cache(LockedDirCache::new("./rustls_acme_cache"))
                 .directory(directory_url)
                 .state();
             let rustls_config = ServerConfig::builder()

data/gems/scheduler/lib/itsi/scheduler/version.rb

@@ -2,6 +2,6 @@
 
 module Itsi
   class Scheduler
-    VERSION = "0.1.4"
+    VERSION = "0.1.5"
   end
 end

data/gems/server/ext/itsi_server/Cargo.toml

@@ -41,3 +41,6 @@ tempfile = "3.18.0"
 sysinfo = "0.33.1"
 tokio-rustls-acme = "0.6.0"
 rustls = "0.23.23"
+fs2 = "0.4.3"
+ring = "0.17.14"
+async-trait = "0.1.87"

data/gems/server/ext/itsi_server/src/server/listener.rs

@@ -78,8 +78,9 @@ impl TokioListener {
         {
             let mut state = state.lock().await;
             loop {
-                if let Some(event) = StreamExt::next(&mut *state).await {
-                    info!("Received acme event: {:?}", event)
+                match StreamExt::next(&mut *state).await {
+                    Some(event) => info!("Received acme event: {:?}", event),
+                    None => error!("Received no acme event"),
                 }
             }
         }
@@ -96,19 +97,19 @@ impl TokioListener {
             }
             ItsiTlsAcceptor::Automatic(acme_acceptor, _, rustls_config) => {
                 let accept_future = acme_acceptor.accept(tcp_stream.0);
-                match accept_future.await.unwrap() {
-                    None => Err(ItsiError::Pass()),
-                    Some(start_handshake) => {
-                        let tls_stream = start_handshake
-                            .into_stream(rustls_config.clone())
-                            .await
-                            .unwrap();
-                        // Wrap in your IoStream::TcpTls variant
+                match accept_future.await {
+                    Ok(None) => Err(ItsiError::Pass()),
+                    Ok(Some(start_handshake)) => {
+                        let tls_stream = start_handshake.into_stream(rustls_config.clone()).await?;
                         Ok(IoStream::TcpTls {
                             stream: tls_stream,
                             addr: SockAddr::Tcp(Arc::new(tcp_stream.1)),
                         })
                     }
+                    Err(error) => {
+                        error!(error = format!("{:?}", error));
+                        Err(ItsiError::Pass())
+                    }
                 }
             }
         }

data/gems/server/ext/itsi_server/src/server/tls/locked_dir_cache.rs

@@ -0,0 +1,94 @@
+use async_trait::async_trait;
+use fs2::FileExt; // for lock_exclusive, unlock
+use std::fs::OpenOptions;
+use std::io::Error as IoError;
+use std::path::{Path, PathBuf};
+use tokio_rustls_acme::caches::DirCache;
+use tokio_rustls_acme::{AccountCache, CertCache};
+
+/// A wrapper around DirCache that locks a file before writing cert/account data.
+pub struct LockedDirCache<P: AsRef<Path> + Send + Sync> {
+    inner: DirCache<P>,
+    lock_path: PathBuf,
+}
+
+impl<P: AsRef<Path> + Send + Sync> LockedDirCache<P> {
+    pub fn new(dir: P) -> Self {
+        let dir_path = dir.as_ref().to_path_buf();
+        let lock_path = dir_path.join(".acme.lock");
+        Self {
+            inner: DirCache::new(dir),
+            lock_path,
+        }
+    }
+
+    fn lock_exclusive(&self) -> Result<std::fs::File, IoError> {
+        let lockfile = OpenOptions::new()
+            .write(true)
+            .truncate(true)
+            .open(&self.lock_path)?;
+        lockfile.lock_exclusive()?;
+        Ok(lockfile)
+    }
+}
+
+#[async_trait]
+impl<P: AsRef<Path> + Send + Sync> CertCache for LockedDirCache<P> {
+    type EC = IoError;
+
+    async fn load_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EC> {
+        // Just delegate to the inner DirCache
+        self.inner.load_cert(domains, directory_url).await
+    }
+
+    async fn store_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+        cert: &[u8],
+    ) -> Result<(), Self::EC> {
+        // Acquire the lock before storing
+        let lockfile = self.lock_exclusive()?;
+
+        // Perform the store operation
+        let result = self.inner.store_cert(domains, directory_url, cert).await;
+
+        // Unlock and return
+        let _ = fs2::FileExt::unlock(&lockfile);
+        result
+    }
+}
+
+#[async_trait]
+impl<P: AsRef<Path> + Send + Sync> AccountCache for LockedDirCache<P> {
+    type EA = IoError;
+
+    async fn load_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EA> {
+        self.inner.load_account(contact, directory_url).await
+    }
+
+    async fn store_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+        account: &[u8],
+    ) -> Result<(), Self::EA> {
+        let lockfile = self.lock_exclusive()?;
+
+        let result = self
+            .inner
+            .store_account(contact, directory_url, account)
+            .await;
+
+        let _ = fs2::FileExt::unlock(&lockfile);
+        result
+    }
+}

data/gems/server/ext/itsi_server/src/server/tls.rs

@@ -1,6 +1,7 @@
 use base64::{engine::general_purpose, Engine as _};
 use itsi_error::Result;
 use itsi_tracing::info;
+use locked_dir_cache::LockedDirCache;
 use rcgen::{CertificateParams, DnType, KeyPair, SanType};
 use rustls::pki_types::{CertificateDer, PrivateKeyDer};
 use rustls_pemfile::{certs, pkcs8_private_keys};
@@ -12,8 +13,8 @@ use std::{
 };
 use tokio::sync::Mutex;
 use tokio_rustls::{rustls::ServerConfig, TlsAcceptor};
-use tokio_rustls_acme::{caches::DirCache, AcmeAcceptor, AcmeConfig, AcmeState};
-
+use tokio_rustls_acme::{AcmeAcceptor, AcmeConfig, AcmeState};
+mod locked_dir_cache;
 const ITS_CA_CERT: &str = include_str!("./itsi_ca/itsi_ca.crt");
 const ITS_CA_KEY: &str = include_str!("./itsi_ca/itsi_ca.key");
 
@@ -50,7 +51,7 @@ pub fn configure_tls(
             );
             let acme_state = AcmeConfig::new(domains)
                 .contact(["mailto:wc@pico.net.nz"])
-                .cache(DirCache::new("./rustls_acme_cache"))
+                .cache(LockedDirCache::new("./rustls_acme_cache"))
                 .directory(directory_url)
                 .state();
             let rustls_config = ServerConfig::builder()

data/gems/server/lib/itsi/server/version.rb

@@ -2,6 +2,6 @@
 
 module Itsi
   class Server
-    VERSION = "0.1.4"
+    VERSION = "0.1.5"
   end
 end

data/lib/itsi/version.rb

@@ -1,3 +1,3 @@
 module Itsi
-  VERSION = "0.1.4"
+  VERSION = "0.1.5"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: itsi
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors:
 - Wouter Coppieters
@@ -91,6 +91,7 @@ files:
 - crates/itsi_server/src/server/signal.rs
 - crates/itsi_server/src/server/thread_worker.rs
 - crates/itsi_server/src/server/tls.rs
+- crates/itsi_server/src/server/tls/locked_dir_cache.rs
 - crates/itsi_tracing/Cargo.lock
 - crates/itsi_tracing/Cargo.toml
 - crates/itsi_tracing/src/lib.rs
@@ -148,6 +149,7 @@ files:
 - gems/scheduler/ext/itsi_server/src/server/signal.rs
 - gems/scheduler/ext/itsi_server/src/server/thread_worker.rs
 - gems/scheduler/ext/itsi_server/src/server/tls.rs
+- gems/scheduler/ext/itsi_server/src/server/tls/locked_dir_cache.rs
 - gems/scheduler/ext/itsi_tracing/Cargo.lock
 - gems/scheduler/ext/itsi_tracing/Cargo.toml
 - gems/scheduler/ext/itsi_tracing/src/lib.rs
@@ -218,6 +220,7 @@ files:
 - gems/server/ext/itsi_server/src/server/signal.rs
 - gems/server/ext/itsi_server/src/server/thread_worker.rs
 - gems/server/ext/itsi_server/src/server/tls.rs
+- gems/server/ext/itsi_server/src/server/tls/locked_dir_cache.rs
 - gems/server/ext/itsi_tracing/Cargo.lock
 - gems/server/ext/itsi_tracing/Cargo.toml
 - gems/server/ext/itsi_tracing/src/lib.rs