<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>Hello All,</div>
<div> </div>
<div>
<div>Is it safe to have a thread reload trusted certificates and CRLs into an SSL_CTX's X509_STORE while connections are running in other threads, especially when considering renegotiations?</div>
<div>The idea would be to replace the instance of X509_STORE with a new one, or is there a better way to do it?</div>
<div> </div>
<div>Pseudocode of the store updater thread:</div>
<div> </div>
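<div>void ReloadTrustedStore(SSL_CTX* ctx)<br/>
{<br/>
X509_STORE *newStore = X509_STORE_new();<br/>
// CopySettingsfromExistingStore and LoadCertsCrls are the poster's own placeholder helpers<br/>
CopySettingsfromExistingStore(newStore, ctx);<br/>
LoadCertsCrls(newStore);<br/>
// Replaces the store in ctx; the previously set X509_STORE is freed by this call<br/>
SSL_CTX_set_cert_store(ctx, newStore);<br/>
}</div>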
<div> </div>
<div>Thanks</div>
<div>Fabrizio</div>
</div></div></body></html>