Cert hot-reloading
Jordan Brown
openssl at jordan.maileater.net
Mon Aug 31 16:33:33 UTC 2020
On 8/30/2020 10:26 PM, Kyle Hamilton wrote:
> Could this be dealt with by the simple removal of any caching layer
> between an SSL_CTX and a directory processed by openssl c_rehash?
> Would reading the filesystem on every certificate verification be too
> heavy for your use case?
That might well be sufficient. Rereading the file would probably be
low-cost compared to the network connection.
--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200831/14a2ac5b/attachment.html>
More information about the openssl-users
mailing list