Hi Yassine, hi Kostya,

On 14.03.19 10:17, Kostya Vasilyev via dovecot wrote:
On Thu, Mar 14, 2019, at 12:09 PM, Yassine Chaouche via dovecot wrote:
On 3/14/19 9:55 AM, Patrick Cernko via dovecot wrote:

[...] the way we have configured exim, it neither needs reload or
restart but reads the certificate file every time it has to use it.

What happens if you goof off in the middle of an operation, temporarily
putting a wrong file instead of the new certificate, and exim starts
delivering the new broken certificate right away? or breaks? or
clients can't connect anymore with TLS? or don't connect at all if you
don't allow non-TLS connexions?


First: It happens the same if I replace the file with a wrong cert AND reload another service daemon and then get interrupted.
Second: I use ansible to push configurations and usually first push changes to a test system or only one machine.
Third: Server administration always has the risk of human error

;-)


Getting caught in the middle of a cert file or key file update should not
happen -- a process that already opened a file will continue to be reading
from that file, even if it gets renamed.

But what if exim (or some other process) happens to read the "old" certificate file - and 
then the "new" private key file (or vice versa)?

A race condition like this seems unlikely but technically possible.


We store cert and key together in one PEM file, thus we will always exchange both cert and key in one "atomic" operation.

Best,
--
Patrick Cernko <pcer...@mpi-klsb.mpg.de> +49 681 9325 5815
Joint Administration: Information Services and Technology
Max-Planck-Institute fuer Informatik & Softwaresysteme
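
The single-file swap discussed in this thread, as an added example that is not part of the original messages or of anyone's actual deployment: a combined cert+key PEM is validated first and then put in place with one rename, so a reader sees either the old pair or the new pair. The names `install_bundle`, `has_cert_and_key` and `fake_pem` are hypothetical, and the PEM bodies are constructed placeholders, not real key material.

```python
import os
import re
import tempfile
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\n.*?\n-----END \1-----", re.S)

def fake_pem(label, body):
    """Constructed placeholder block: PEM framing only, no real key material."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def has_cert_and_key(text):
    """Structural check: at least one certificate and one private key block."""
    labels = [m.group(1) for m in PEM_BLOCK.finditer(text)]
    return "CERTIFICATE" in labels and any(l.endswith("PRIVATE KEY") for l in labels)

def install_bundle(path, text, check=has_cert_and_key):
    """Validate first, then swap the combined PEM into place with one rename()."""
    if not check(text):
        raise ValueError("bundle rejected; live file left untouched")
    # Temp file beside the target: rename() is atomic only within one filesystem.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:      # mkstemp creates the file mode 0600
            fh.write(text)
            fh.flush()
            os.fsync(fh.fileno())           # data on disk before it becomes visible
        os.replace(tmp, path)               # readers get old or new, never a mix
    except BaseException:
        os.unlink(tmp)                      # tmp still exists if anything above failed
        raise

def demo():
    """Returns four booleans: stale reader ok, fresh reader ok, bad file rejected, live file intact."""
    old = fake_pem("CERTIFICATE", "old-cert") + fake_pem("PRIVATE KEY", "old-key")
    new = fake_pem("CERTIFICATE", "new-cert") + fake_pem("PRIVATE KEY", "new-key")
    with tempfile.TemporaryDirectory() as d:
        live = os.path.join(d, "server.pem")
        install_bundle(live, old)
        with open(live) as held:            # a process that opened the file before the swap
            install_bundle(live, new)
            stale = held.read()             # still the complete old cert+key pair
        fresh = Path(live).read_text()
        try:
            install_bundle(live, fake_pem("CERTIFICATE", "oops"))  # wrong file: key missing
            rejected = False
        except ValueError:
            rejected = True
        return stale == old, fresh == new, rejected, Path(live).read_text() == new
```

The structural check does not prove that the key belongs to the certificate; a stricter function can be passed as `check`.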
