On Wed, Jul 26, 2000, Martin Lichtin wrote:
> [EMAIL PROTECTED] wrote:
> > > It seems mod_ssl ignores new values for SSLCertificateFile and
> > > SSLCertificateKeyFile when it handles reconfiguration via a HUP
> > > signal.
> >
> > That is correct.
>
> Ok, any reason why not?
> I'm guessing it doesn't reread the certificate because it possibly
> has to ask for a passphrase?
Yes, exactly.
> > If you add/change keys or certificates you need to kill Apache dead and
> > start it again.
>
> Fair enough. But then why does a HUP signal re-open the old certificate files
> and let Apache crash when the files are not there?
That's strange on the first look. But it is caused by the way Apache modules
operate. The check for the file existance is in the config directive parsing
code, the certificate content reading and handling in the init code. And the
config code has no knowledge about re-starts - it always does the same, i.e.,
it always assumes it does a first init.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
