Hmm, I can't answer your question, but could you try something like a graceful
restart? This will finish whatever connections currently connected clients
have open and then all new ones will be with new configuration. This way you
can keep 24 hour availability.

You can either put this in the cron (if you are on Unix). On Windows, I am not
sure if there is a cron equivalent, but there are scheduling services, so you
might be able to use them to do a graceful restart of Apache every 3 or 6
hours (or however often you need to refresh the list).

HTH
Victor

Dag Legernæs wrote:
> Hi,
>
> I have been working for some time on a project requiring use of CRLs (for
> checking client certificates)
> in Apache/mod_ssl.
>
> Almost everything now works as I want; however, as far as I can tell the
> CRLs are read
> only when mod_ssl starts, so that it is impossible to include new CRLs
> without restarting Apache.
> This seems to apply both for the SSLCARevocationPath and the
> SSLCARevocationFile
> mechanisms (I have only tested this on NT).
>
> This is inconvenient since we want 24h service availability and new
> revocation lists are typically published
> every 6 hours.
>
> Is it possible to make mod_ssl check the CRL file(s) for new CRLs when the
> existing CRLs
> in memory have expired without restarting Apache?
>
> Regards
>
> Dag Legernæs
>
> Posten SDS, Norway
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
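
One way to run the scheduled graceful restart suggested in this thread, as an added example that is not part of either poster's message: the script checks a newly published CRL against the CA, installs it atomically, and restarts Apache only when the CRL actually changed. The paths, the script name in the crontab comment, and the assumption that another job has already downloaded the candidate CRL in PEM form are all hypothetical; `CRL_LIVE` is assumed to be the file named by `SSLCARevocationFile`.

```shell
#!/bin/sh
# Added example, not from the thread. All paths are assumed placeholders.
CRL_LIVE=${CRL_LIVE:-/usr/local/apache/conf/ssl.crl/ca.crl}  # SSLCARevocationFile target
CA_CERT=${CA_CERT:-/usr/local/apache/conf/ssl.crt/ca.crt}    # certificate of the CRL issuer
RELOAD_CMD=${RELOAD_CMD:-apachectl graceful}                 # finishes open connections first

# Succeeds only if the candidate parses as a PEM CRL whose signature
# verifies against CA_CERT (openssl reports "verify OK" on stderr).
crl_is_valid() {
    openssl crl -in "$1" -CAfile "$CA_CERT" -noout 2>&1 | grep -q 'verify OK'
}

# refresh_crl CANDIDATE
# Returns: 0 installed and reloaded, 1 unchanged (no restart),
#          2 candidate rejected, 3 install or reload failed.
refresh_crl() {
    candidate=$1
    [ -s "$candidate" ] || return 2          # missing or empty download
    crl_is_valid "$candidate" || return 2    # never install an unverified CRL
    # Identical to what Apache already loaded: skip the restart.
    if [ -f "$CRL_LIVE" ] && cmp -s "$candidate" "$CRL_LIVE"; then
        return 1
    fi
    # Copy beside the live file, then rename. The rename is atomic on one
    # filesystem, so a restarting Apache never reads a half-written CRL.
    tmp="$CRL_LIVE.new.$$"
    cp "$candidate" "$tmp" && mv -f "$tmp" "$CRL_LIVE" || { rm -f "$tmp"; return 3; }
    $RELOAD_CMD || return 3                  # unquoted on purpose: command plus argument
    return 0
}

# Example crontab entry (every 6 hours, the publication interval in the thread):
#   0 */6 * * * /usr/local/sbin/refresh-crl.sh /var/spool/crl/latest.pem
if [ "$#" -ge 1 ]; then
    rc=0
    refresh_crl "$1" || rc=$?
    [ "$rc" -le 1 ] || echo "refresh-crl: failed with status $rc" >&2
    [ "$rc" -le 1 ]
    exit
fi
```

A rejected candidate leaves the previously installed CRL in place, so a failed download degrades to a stale list rather than to no revocation checking.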