func newCAProvider(caFile, caKeyFile string) (*caProvider, error) { … } type caProvider … // setCA unconditionally stores the current cert/key content func (p *caProvider) setCA() error { … } // currentCA provides the current value of the CA. // It always check for a stale value. This is cheap because it's all an in memory cache of small slices. func (p *caProvider) currentCA() (*authority.CertificateAuthority, error) { … }