Cedric Staub

Your approach to add a callback sounds reasonable to me. Happy to accept a pull request to add that.

FYI: Square also has a corporate CLA if your employer prefers that over the individual one, just email [email protected] to get that set up.

Thanks for testing this -- I suppose we will have to pipe the "disable authentication" flag setting to the TLS config to make sure we don't set an X.509 source...

This could work, if you could give that a try that would be helpful: https://github.com/ghostunnel/ghostunnel/pull/390 If unsetting GetCertificate doesn't fix it I'm not sure what else it could be, though.

As a workaround, you can use `jq` to turn the stream of JSON objects into a list: ``` knox acl KEY-ID | jq -s . ```

Thanks for your contribution @sheagcraig! I think we can simplify this a bit, like so: ```diff --git a/certstore/certstore_darwin.go b/certstore/certstore_darwin.go index 78dab6c..162c49f 100644 --- a/certstore/certstore_darwin.go +++ b/certstore/certstore_darwin.go @@ -175,9 +175,10 @@...

New pull request: #426

Agree, reloading policies would be neat (and not that hard to do). Re-authorizing existing connections would be a bit trickier.

Here's a WIP: https://github.com/ghostunnel/ghostunnel/tree/cs/opa-reload

Support for reloading: https://github.com/ghostunnel/ghostunnel/pull/381