[sr-dev] git:andrei/tcp_tls_changes: tls: migrated to the runtime cfg framework
Andrei Pelinescu-Onciul
andrei at iptel.org
Fri May 28 19:57:15 CEST 2010
On May 28, 2010 at 15:10, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
> Am 28.05.2010 13:44, schrieb Andrei Pelinescu-Onciul:
> > config - can be changed at runtime and if followed by a
> > tls.realod, the configuration from the new file will
> > be loaded.
>
> Andrei, the module README still states:
>
> > TLS specific config reloading is not safe, so for now better
> > don't use it, especially under heavy traffic.
>
> Is this still the case?
Yes, there is a race condition when loading the config. It's very hard
to trigger (since the tls domain configs are kept around for some time in an
attempt to avoid this race) and probably if you don't continuously reload
the config while having very heavy tls traffic and some swapping you'll
never be able to trigger it.
Anyway it should be fixed (transformed into something race-free,
similar with the runtime changes in the cfg framework).
Andrei
More information about the sr-dev
mailing list