Re: Dynamically adding/deleting SSL certificates

2018-06-05 Thread Aurélien Nephtali
On Fri, Jun 1, 2018 at 11:13 AM, Aurélien Nephtali wrote: > > We also need to agree on the payload format to use in the add command: > only the PEM certificate is supported at the moment but when there > will be OCSP + SCTL support it will become messy very quick. > In my tests I am using

Re: Dynamically adding/deleting SSL certificates

2018-06-01 Thread Aurélien Nephtali
Hello Willy, On Thu, May 31, 2018 at 9:02 PM, Willy Tarreau wrote: > Hi Aurélien, > > On Thu, May 31, 2018 at 11:01:44AM +0200, Aurélien Nephtali wrote: >> Anyone has more comments, ideas or remarks regarding these patches ? > > Not on the patches themselves, but I think I mentioned elsewhere

Re: Dynamically adding/deleting SSL certificates

2018-05-31 Thread Willy Tarreau
Hi Aurélien, On Thu, May 31, 2018 at 11:01:44AM +0200, Aurélien Nephtali wrote: > Anyone has more comments, ideas or remarks regarding these patches ? Not on the patches themselves, but I think I mentioned elsewhere that we really need to start an important discussion on the subject of how to

Re: Dynamically adding/deleting SSL certificates

2018-05-31 Thread Aurélien Nephtali
Hello Emeric, everyone, On Wed, May 23, 2018 at 9:39 PM, Aurélien Nephtali wrote: > Hello Emeric, > > On Tue, May 22, 2018 at 05:37:58PM +0200, Emeric Brun wrote: >> Hi Aurélien >> >> I see that you're using the domain to know the certificate to delete. >> >> If you take a look at crt-list, you

Re: Dynamically adding/deleting SSL certificates

2018-05-23 Thread Aurélien Nephtali
Hello Emeric, On Tue, May 22, 2018 at 05:37:58PM +0200, Emeric Brun wrote: > Hi Aurélien > > I see that you're using the domain to know the certificate to delete. > > If you take a look at crt-list, you will see that the identifier of the > certificate > is customizable and is not necessarily

Re: Dynamically adding/deleting SSL certificates

2018-05-22 Thread Emeric Brun
Hi Aurélien On 05/18/2018 11:07 AM, Aurélien Nephtali wrote: > Hello, > > On Wed, Apr 18, 2018 at 9:34 PM, Aurélien Nephtali > wrote: >> Hello, >> >> I have some patches to support dynamically loading and unloading PEM >> certificates through the CLI. It is mainly a

Re: Dynamically adding/deleting SSL certificates

2018-05-18 Thread Aurélien Nephtali
Hello, On Wed, Apr 18, 2018 at 9:34 PM, Aurélien Nephtali wrote: > Hello, > > I have some patches to support dynamically loading and unloading PEM > certificates through the CLI. It is mainly a big refactoring of some > part of the SSL code (thanks Thierry for your

Re: Dynamically adding/deleting SSL certificates

2018-04-18 Thread Aurélien Nephtali
Hello, I have some patches to support dynamically loading and unloading PEM certificates through the CLI. It is mainly a big refactoring of some part of the SSL code (thanks Thierry for your patches, we came to the same conclusion :) !). When loading a PEM certificate, one also wants to load

Re: Dynamically adding/deleting SSL certificates

2018-03-07 Thread Thierry Fournier
Hi Aurelien, I already looked at adding dynamic certificates, and it is a real pain for me. Note that I looked at this one year ago, maybe something changed. I looked at this development regarding only the basic usage: dynamic update of RSA certificates, and I encountered some difficulties: -

Re: Dynamically adding/deleting SSL certificates

2018-03-06 Thread Willy Tarreau
Hello Aurélien, On Tue, Mar 06, 2018 at 02:13:31PM +0100, Aurélien Nephtali wrote: > > Probably that we could in fact extend the CLI syntax in a backwards > > compatible > > way : > > > >[ ]* * > >[optional body] > > > > Most commands don't use a body. Those using a body have to

Re: Dynamically adding/deleting SSL certificates

2018-03-06 Thread Aurélien Nephtali
Hello Willy, On Mon, Mar 5, 2018 at 8:37 PM, Willy Tarreau wrote: > Quotes could be part of some future statements and we'd > possibly regret having used them if already used for this. For example we > could > imagine one day uploading some JSON parts for certain things. True, but

Re: Dynamically adding/deleting SSL certificates

2018-03-06 Thread Aurélien Nephtali
Hello Willy, On Mon, Mar 5, 2018 at 7:25 PM, Willy Tarreau wrote: > I tend to think (first idea out of my head) that for such file types, > we could very well consider that the command reads multiple lines and > stops at the first empty line. That's very convenient to use in scripts

Re: Dynamically adding/deleting SSL certificates

2018-03-05 Thread Willy Tarreau
Hi Pieter, On Mon, Mar 05, 2018 at 07:55:17PM +0100, PiBa-NL wrote: > I would think the ocsp updates already does something similar with base64. Yes, I thought about OCSP as well since I think it was the first one to require large blocks. However OCSP contains a single binary record that it

Re: Dynamically adding/deleting SSL certificates

2018-03-05 Thread PiBa-NL
Hi, On 5-3-2018 at 19:25, Willy Tarreau wrote: Hello Aurélien, On Mon, Mar 05, 2018 at 03:34:11PM +0100, Aurélien Nephtali wrote: Hello, I'm working on a feature to add or delete SSL certificates without reloading HAProxy and I'm facing a problem regarding the way to feed the new

Re: Dynamically adding/deleting SSL certificates

2018-03-05 Thread Willy Tarreau
Hello Aurélien, On Mon, Mar 05, 2018 at 03:34:11PM +0100, Aurélien Nephtali wrote: > Hello, > > I'm working on a feature to add or delete SSL certificates without > reloading HAProxy and I'm facing a problem regarding the way to feed > the new certificates to the admin socket. > > The