Pierre-Yves Ritschard
Tue, 18 Sep 2007 07:42:33 -0700
On Tue, 18 Sep 2007 15:44:46 +0200 (CEST) "Ben Laurie via RT" <[EMAIL PROTECTED]> wrote:
> According to our records, your request has been resolved. If you have
> any further questions or concerns, please respond to this message.

I don't agree with this, as Steve stated in a previous email:

> Instead of relying on file based SSL functions you can instead rely on
> structure based ones using X509, EVP_PKEY et al.
>
> You'd load the structures outside the jail and keep them hanging
> around inside.
>
> Then when you need to reload you just pass the necessary structures.

Here is the reply I sent:

There's no reliable way to pass these structures on an AF_UNIX socket since I don't know their internals (without pulling in header files I'm not supposed to) and there are other pointers in the X509 and related structs.

If you guys think it's still achievable without changing openssl, then fine. I really don't see a clean way without breaking the API though. At least there is no documented way of doing this without API violation unless I missed something.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
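
Added example, not part of the original message and not OpenSSL code: a length-prefixed transfer of an opaque, pointer-free byte string across an AF_UNIX socket, which is the form any object has to take before it can cross from the process outside the jail to the one inside. It assumes the bytes are a flat encoding of the object (for OpenSSL objects, DER as produced by `i2d_X509()` and parsed back with `d2i_X509()`); `send_blob`, `recv_blob`, `roundtrip_ok` and `MAX_BLOB` are hypothetical names chosen here.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example: MAX_BLOB is an assumed upper bound for one encoded object. */
#define MAX_BLOB 65536u

/* Loop until exactly n bytes are transferred; 0 on success, -1 on error/EOF. */
static int xfer_all(int fd, void *buf, size_t n, int writing) {
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = writing ? write(fd, p, n) : read(fd, p, n);
        if (r <= 0) return -1;
        p += r; n -= (size_t)r;
    }
    return 0;
}

/* Outside the jail: send a 4-byte big-endian length, then the encoded bytes. */
int send_blob(int fd, const unsigned char *blob, uint32_t len) {
    uint32_t be = htonl(len);
    if (len == 0 || len > MAX_BLOB) return -1;
    if (xfer_all(fd, &be, sizeof be, 1) != 0) return -1;
    return xfer_all(fd, (void *)blob, len, 1);
}

/* Inside the jail: validate the length before allocating, then read the bytes.
 * Caller frees *out. The bytes stay untrusted until the decoder accepts them. */
int recv_blob(int fd, unsigned char **out, uint32_t *len) {
    uint32_t be;
    if (xfer_all(fd, &be, sizeof be, 0) != 0) return -1;
    *len = ntohl(be);
    if (*len == 0 || *len > MAX_BLOB) return -1;
    if ((*out = malloc(*len)) == NULL) return -1;
    if (xfer_all(fd, *out, *len, 0) != 0) { free(*out); *out = NULL; return -1; }
    return 0;
}

/* Single-process round trip over a socketpair; 1 if the bytes arrive intact. */
int roundtrip_ok(const unsigned char *blob, uint32_t len) {
    int sv[2], ok = 0; unsigned char *got = NULL; uint32_t n = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 0;
    if (send_blob(sv[0], blob, len) == 0 && recv_blob(sv[1], &got, &n) == 0)
        ok = (n == len && memcmp(got, blob, len) == 0);
    free(got); close(sv[0]); close(sv[1]);
    return ok;
}
```

In a real privilege-separated daemon the two ends of the socketpair live in different processes, and the receiver treats a decode failure the same as a failed read.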