On Tue, 28 Aug 2001, Rich Salz wrote:
> Unfortunately, the OpenSSL wrapper around gethostbyname caches lookup
> results forever, so you'll need to restart your application. I know you
> said you can't do that. Good luck figuring out how to address this.
>
> Infinite caching of gethostbyname() results is a bug, so I added -dev
> back to the list. A proper solution would involve lower-level DNS
> queries and using the real TTL. Two hack solutions would be to make the
> timeout be an hour or for applications to spawn a thread that calls
> BIO_ghbn_ctrl() with the 'flush' argument on a regular basis. Perhaps
> the best solution is to make the ghbn cache a config option, turned off
> by default.

Whatever is done, that gethostbyname() handling should be overridable anyway
(i.e. via a callback perhaps). Now I think of that, it occurs to me that would
provide a sexy way to support unix domain sockets too (i.e. perhaps spot
"hostnames" starting with "/" and treat them as a path??). Thinking out loud
here ...

But yes, it seems the deployed application in question has no choice but to
restart to pick up on the DNS changes, as it will next time the IP address
changes too ...

Cheers,
Geoff

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
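
The following sketch is an added example, not code from OpenSSL or from either poster. It shows the one-hour timeout and explicit flush discussed in the thread as a small hostname cache whose entries expire after a fixed maximum age (not the real DNS TTL), behind a replaceable resolver callback. All names (host_cache, cache_lookup, cache_flush, demo_resolve) are hypothetical, and the resolver is a constructed stand-in that returns documentation-range addresses.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

enum { SLOTS = 8, HOST_LEN = 64, ADDR_LEN = 46 };
/* Hypothetical resolver hook: writes a textual address, returns 0 on success. */
typedef int (*resolve_fn)(const char *name, char *addr, size_t len);
struct entry { int used; time_t expires; char name[HOST_LEN]; char addr[ADDR_LEN]; };
struct host_cache { struct entry e[SLOTS]; time_t max_age; resolve_fn resolve; };

void cache_init(struct host_cache *c, time_t max_age, resolve_fn fn) {
    memset(c, 0, sizeof *c);
    c->max_age = max_age; c->resolve = fn;
}
/* Drop every entry so the next lookup of any name goes back to the resolver. */
void cache_flush(struct host_cache *c) { memset(c->e, 0, sizeof c->e); }
/* Resolve name as of time `now`; returns 0 and fills out, or -1 on failure. */
int cache_lookup(struct host_cache *c, const char *name, time_t now, char *out, size_t len) {
    struct entry *slot = NULL;
    if (strlen(name) >= HOST_LEN) return -1;
    for (int i = 0; i < SLOTS; i++) {
        struct entry *e = &c->e[i];
        if (e->used && strcmp(e->name, name) == 0) {
            if (now < e->expires) { snprintf(out, len, "%s", e->addr); return 0; }
            slot = e; break;          /* expired: never serve it, refresh in place */
        }
        if (!e->used && !slot) slot = e;
    }
    if (!slot) slot = &c->e[0];       /* cache full: evict the first slot */
    if (c->resolve(name, slot->addr, sizeof slot->addr) != 0) { slot->used = 0; return -1; }
    slot->used = 1;
    slot->expires = now + c->max_age;
    snprintf(slot->name, sizeof slot->name, "%s", name);
    snprintf(out, len, "%s", slot->addr);
    return 0;
}
/* Constructed stand-in for DNS: returns whatever demo_addr currently points at. */
const char *demo_addr = "192.0.2.10";
int demo_calls = 0;
int demo_resolve(const char *name, char *addr, size_t len) {
    (void)name; demo_calls++;
    return snprintf(addr, len, "%s", demo_addr) < (int)len ? 0 : -1;
}
int main(void) {
    struct host_cache c; char a[ADDR_LEN];
    cache_init(&c, 3600, demo_resolve);   /* one hour, as suggested in the thread */
    if (cache_lookup(&c, "www.example.test", time(NULL), a, sizeof a) == 0) printf("%s\n", a);
    return 0;
}
```

Passing `now` in rather than reading the clock inside cache_lookup keeps expiry testable; a long-running process would pass time(NULL) on each call.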