Deleted client certificate trust expectations

Jordan Brown openssl at
Wed Nov 11 16:41:52 UTC 2020

What you observe is indeed reality; we ran into it too.  (Though we ran
into it in the context of a long-running client verifying server

My assumption is that it's for performance, and that's sensible, but it
would sure be nice to figure out how to detect those changes.  If a
stat() on each verification is considered too expensive, maybe there
could be a timeout, that if the file hasn't been checked in the last ten
minutes then check it.

Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list