> Is there something I'm missing? Nope. > Would it be reasonable to have OpenSSL watch the metadata on the file or directory and, on change, discard cached certificates and, for a file, reload the file? Unlikely to happen :) -- Jordan Brown, Oracle Solaris