Cert hot-reloading
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Sep 1 05:49:41 UTC 2020
On Tue, Sep 01, 2020 at 12:22:30AM -0500, David Arnold wrote:
> An SSL_CTX API seems like a good idea to provide additional guarantees to
> applications.
>
> Maybe OpenSSL - used as a library - can return to the other legacy
> applications that the certificate is "deemed not valid any more" whenever
> they try to use an outdated pointer?
>
> This ought to be a transparent scenario for a legacy application which *at
> the same time* also does frequent cert rolling.
>
> Would it be appropriate to record some excerpts of this discussion in
> a GitHub gist? I can be the secretary, if that would be uncontroversial.
>
By all means, some (who don't follow the list, and in any case prefer
a long-term record of this sort of issue) would rather appreciate
you doing that.
--
Viktor.