move logic to determine whether to reload tls configuration to tlsutil helper

helper/tlsutil/config.go

@@ -421,3 +421,25 @@ func ParseMinVersion(version string) (uint16, error) {
 
 	return vers, nil
 }
+
+func ShouldReloadRPCConnections(old, new *config.TLSConfig) (bool, error) {
+	var tlsInfoEqual bool
+
+	// If already configured with TLS, compare with the new TLS configuration
+	if new != nil {
+		var err error
+		tlsInfoEqual, err = new.CertificateInfoIsEqual(old)
+		if err != nil {
+			return false, err
+		}
+	} else {
+		// If not configured with TLS, compare with the new TLS configuration
+		tlsInfoEqual = new == nil && old == nil
+	}
+
+	if new != nil && old != nil {
+		tlsInfoEqual = new.EnableRPC == old.EnableRPC
+	}
+
+	return tlsInfoEqual, nil
+}

nomad/server.go

@@ -678,13 +678,12 @@ func (s *Server) Reload(newConfig *Config) error {
 		}
 	}
 
-	tlsInfoEqual, err := newConfig.TLSConfig.CertificateInfoIsEqual(s.config.TLSConfig)
+	shouldReloadTLS, err := tlsutil.ShouldReloadRPCConnections(s.config.TLSConfig, newConfig.TLSConfig)
 	if err != nil {
-		s.logger.Printf("[ERR] nomad: error parsing server TLS configuration: %s", err)
+		s.logger.Printf("[ERR] nomad: error checking whether to reload TLS configuration: %s", err)
-		return err
 	}
 
-	if !tlsInfoEqual || newConfig.TLSConfig.EnableRPC != s.config.TLSConfig.EnableRPC {
+	if shouldReloadTLS {
 		if err := s.reloadTLSConnections(newConfig.TLSConfig); err != nil {
 			s.logger.Printf("[ERR] nomad: error reloading server TLS configuration: %s", err)
 			multierror.Append(&mErr, err)