Cert hot-reloading

Viktor Dukhovni openssl-users at dukhovni.org
Tue Sep 1 05:49:41 UTC 2020

On Tue, Sep 01, 2020 at 12:22:30AM -0500, David Arnold wrote:

> An SSL_CTX API seems like a good idea to provide additional guarantees to
> applications.
> Maybe OpenSSL - used as a library - can return to the other legacy
> applications that the certificate is "deemed not valid any more" whenever
> they try to use an outdated pointer?
> This ought to be a transparent scenario for a legacy application which *at
> the same time* also does frequent cert rolling.
> Would it be appropriate to record some excerpts of this discussion in
> a GitHub gist? I can be the secretary, if that would be uncontroversial.

By all means, some (who don't follow the list, and in any case prefer
a long-term record of this sort of issue) would rather appreciate
you doing that.


