[ https://issues.apache.org/jira/browse/DIRSERVER-1373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12716855#action_12716855 ]
Kiran Ayyagari commented on DIRSERVER-1373:
-------------------------------------------
>> What happens to established SSL or StartTLS sessions when calling
>> reloadSslContext? Are they killed or do they continue to use the old
>> certificate?
Atm, the connections are not blocked from reading and writing. I think we can
achieve it by suspending read/write on all the sessions. Emmanuel, is this the
right way to do it from a MINA POV?
But another question is what happens to an already existing SSL
connection? Wouldn't it fail because of the new certificate?
>> to reload the SSL context automatically when the certificate of
>> uid=admin,ou=system gets updated
No clue at the moment how to do this in an efficient way, certainly any check
put up in the interceptor would be overkill IMHO.
> Update of server certificate in uid=admin,ou=system only takes effect after
> restart
> -----------------------------------------------------------------------------------
>
> Key: DIRSERVER-1373
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1373
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: ldap
> Affects Versions: 1.5.4
> Reporter: Stefan Seelmann
> Fix For: 1.5.5
>
> Attachments: DIRSERVER-1373-testcases-UPDATED.patch,
> DIRSEVER-1373-Testcases.patch
>
>
> When I update the privateKey, publicKey and userCertificate in
> uid=admin,ou=system and start a new StartTLS session, the server still uses
> the old certificate. After a restart the server uses the new certificate.