On Sun, Oct 04, 2020 at 08:13:11PM +0200, William Dauchy wrote:
> Hello,
> This patchset is an attempt to add a new command for configure ssl on
> server at runtime:
> - the first patch adds the possibility to observe the change on a `show
>   servers state`.
> - the two next ones are only here to prepare the last one to add the
>   command. I added them separatly to facilitate the review.
>   `ssl_sock_prepare_srv_ctx` protection is not mandatory but I found it
>   safer while writing my patch.
> - the last one is adding the new command. I'm not 100% sure of the
>   consequences of`prepare_srv` and `destroy_srv` but from what I read
>   and tested, it seems ok.

That's an interesting idea but I'm kind of confused about this.

The problem with activating SSL on-the-fly is that SSL is not only an
on/off option but there are a lot of parameters that can be configured,
and that won't fit the server state file. I fear it will complicate a
lot of things in the future in this form.

Maybe you could have pre-configured but disabled servers with SSL in your
configuration and enable them progressively with the CLI instead ?

Willy has maybe a better suggestion about this.

William Lallemand

Reply via email to