Deleted client certificate trust expectations
Jordan Brown
openssl at jordan.maileater.net
Wed Nov 11 16:41:52 UTC 2020
What you observe is indeed reality; we ran into it too. (Though we ran
into it in the context of a long-running client verifying server
certificates.)
My assumption is that it's for performance, and that's sensible, but it
would sure be nice to figure out how to detect those changes. If a
stat() on each verification is considered too expensive, maybe there
could be a timeout, that if the file hasn't been checked in the last ten
minutes then check it.
--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
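
The rate-limited check suggested in this message could look like the sketch below. It is an added example, not code from the post or from OpenSSL; `struct trust_watch`, `trust_watch_init`, `trust_watch_changed` and `RECHECK_SECS` are hypothetical names, and reloading the trust store after a positive result is left to the application.

```c
#include <string.h>
#include <sys/stat.h>
#include <time.h>

#define RECHECK_SECS 600   /* the ten-minute interval suggested above */

/* Hypothetical helper type: remembers what the trust path looked like
 * when the application last loaded it into its certificate store. */
struct trust_watch {
    const char *path;      /* CA file or directory (assumed name) */
    time_t last_check;     /* when stat() was last called */
    int present;           /* did the path exist at the last check? */
    struct stat seen;      /* identity/size/mtime at the last check */
};

static int same_file(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino &&
           a->st_size == b->st_size && a->st_mtime == b->st_mtime;
}

/* Record the current state; call right after (re)loading the store. */
void trust_watch_init(struct trust_watch *w, const char *path, time_t now)
{
    memset(w, 0, sizeof(*w));
    w->path = path;
    w->last_check = now;
    w->present = (stat(path, &w->seen) == 0);
}

/* Call before each verification. Returns 1 when the caller should
 * rebuild its trust store, 0 otherwise. stat() runs at most once per
 * RECHECK_SECS, so the usual per-verification cost is one comparison. */
int trust_watch_changed(struct trust_watch *w, time_t now)
{
    struct stat cur;
    int present, changed;

    if (now - w->last_check < RECHECK_SECS)
        return 0;                       /* checked recently: skip stat() */
    w->last_check = now;
    present = (stat(w->path, &cur) == 0);
    changed = present != w->present ||
              (present && !same_file(&cur, &w->seen));
    w->present = present;
    if (present)
        w->seen = cur;
    return changed;                     /* deletion counts as a change */
}
```

Until the interval expires, a deleted or replaced trust anchor is still honoured, so the interval is the upper bound on how long a removal goes unnoticed. `st_mtime` has one-second granularity, so a same-size in-place rewrite within the same second is not detected.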