* Andreas Karlsson (andr...@proxel.se) wrote: > On 01/04/2017 04:14 PM, Stephen Frost wrote: > >* Andreas Karlsson (andr...@proxel.se) wrote: > >>A possible solution might be to only add the error throwing hook > >>when loading certificates during SIGHUP (and at Windows) and to work > >>as before on startup. Would that be an acceptable solution? I could > >>write a patch for this if people are interested. > > > >I'm not sure I see how that's a solution..? Wouldn't that mean that a > >SIGHUP with an encrypted key would result in a failure? > > > >The solution, at least in my view, seems to be to say "sorry, we can't > >reload the SSL stuff if you used a passphrase to unlock the key on > >startup, you will have to perform a restart if you want the SSL bits to > >be changed." > > Sorry, I was very unclear. I meant refusing the reload the SSL > context if there is a pass phrase, but that the rest of the config > will be reloaded just fine. This will lead to some log spam on every > SIGHUP for people with a pass phrase but should otherwise work as > before.
Right, that sounds like it'd work for me, at least. Thanks! Stephen
signature.asc
Description: Digital signature
