Cert hot-reloading

Jordan Brown openssl at jordan.maileater.net
Mon Aug 31 16:33:33 UTC 2020

On 8/30/2020 10:26 PM, Kyle Hamilton wrote:
> Could this be dealt with by the simple removal of any caching layer
> between an SSL_CTX and a directory processed by openssl c_rehash?
> Would reading the filesystem on every certificate verification be too
> heavy for your use case?

That might well be sufficient.  Rereading the file would probably be
low-cost compared to the network connection.


Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200831/14a2ac5b/attachment.html>

More information about the openssl-users mailing list