[Devel] [ openser-Patches-1464264 ] support for TLS client domains
(name based and socket based)
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Apr 6 14:56:28 CEST 2006
Dan Pascu wrote:
> Not necessarily (see above). The new configuration can be loaded, contexts
> computed and when available all you have to do is to commute a pointer to
> the new configuration (assuming the whole tls config is kept in a
> structure referenced by a pointer). This pointer change is an atomic
> operation. After this the old tls config can be discarded and the
> transition will be atomic and instantaneous for all worker processes.
I think for ongoing TLS connections the existing SSL contexts may not be
deleted. I'm not an expert on this, but as Jan and Andrei found some
issues I thought there will be some issues.
regards
klaus
More information about the Devel
mailing list