Re: [HACKERS] [PATCH] Reload SSL certificates on SIGHUP
From | Andreas Karlsson |
---|---|
Subject | Re: [HACKERS] [PATCH] Reload SSL certificates on SIGHUP |
Date | |
Msg-id | 1254e97b-a65a-5a63-e938-810507a16d71@proxel.se |
In reply to | Re: [PATCH] Reload SSL certificates on SIGHUP (Andreas Karlsson <andreas@proxel.se>) |
Responses |
Re: [HACKERS] [PATCH] Reload SSL certificates on SIGHUP
Re: [HACKERS] [PATCH] Reload SSL certificates on SIGHUP |
List | pgsql-hackers |
On 01/04/2017 04:14 PM, Stephen Frost wrote:
> * Andreas Karlsson (andreas@proxel.se) wrote:
>> A possible solution might be to only add the error throwing hook
>> when loading certificates during SIGHUP (and at Windows) and to work
>> as before on startup. Would that be an acceptable solution? I could
>> write a patch for this if people are interested.
>
> I'm not sure I see how that's a solution..? Wouldn't that mean that a
> SIGHUP with an encrypted key would result in a failure?
>
> The solution, at least in my view, seems to be to say "sorry, we can't
> reload the SSL stuff if you used a passphrase to unlock the key on
> startup, you will have to perform a restart if you want the SSL bits to
> be changed."

Sorry, I was very unclear. I meant refusing to reload the SSL context if there is a pass phrase, but that the rest of the config will be reloaded just fine. This will lead to some log spam on every SIGHUP for people with a pass phrase but should otherwise work as before.

Andreas