Bug #3193
CRL file should be reloaded on change
Status: closed
Description
The SSL implementations should reload the CRL file if it changes. Typically the CRL files will be refreshed often to get the latest status of revoked certificates. The CRL files also have a timestamp by which they need to be updated or they become expired. In some cases the cycle where the CRL needs to be updated can be short (an hour), so doing a full reload does not sound practical.
Ideally inotify or a similar mechanism would be used to monitor the CRL (also the OCSP stapling file?) and trigger a reload of the dynamic data on change.
Updated by gstrauss over 1 year ago
- Status changed from New to Invalid
- Priority changed from Normal to Low
- Target version deleted (1.4.xx)
"I want it" does not necessarily indicate a bug.
CRLs work as designed in lighttpd. You are making a feature request that probably would have been better as a question in the Forums.
> so doing a full reload does not sound practical.
citation/data required (explain). Unsubstantiated opinions are worthless.
Contrary to your statement about practicality, lighttpd supports graceful restart with SIGUSR1.
With some constraints on allowed lighttpd.conf configurations, graceful restart is immediate if server.feature-flags "server.graceful-restart-bg" is enabled.
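An added example, not from the issue thread or the lighttpd project: a polling watcher that requests the SIGUSR1 graceful restart mentioned above when the CRL file's content changes, and refuses to do so if the new file does not parse. The file paths, the state file and the `CRL_CHECK` override are assumptions.

```sh
#!/bin/sh
# Added example, not lighttpd project code. Paths are assumptions.
CRL_FILE=${CRL_FILE:-/etc/lighttpd/crl.pem}             # assumed CRL path
PID_FILE=${PID_FILE:-/var/run/lighttpd.pid}             # assumed pid file
STATE_FILE=${STATE_FILE:-/var/run/lighttpd-crl.sha256}  # last reloaded digest
# Must succeed on the new file before a restart is requested.
# The default only proves the CRL parses; it does not verify its signature.
CRL_CHECK=${CRL_CHECK:-openssl crl -noout -in}

crl_digest() { sha256sum "$1" 2>/dev/null | cut -d' ' -f1; }

# Returns 0: SIGUSR1 sent, 1: unchanged or unreadable,
#         2: new file failed CRL_CHECK, 3: no pid or signal failed.
reload_if_changed() {
    new=$(crl_digest "$CRL_FILE")
    [ -n "$new" ] || return 1
    old=$(cat "$STATE_FILE" 2>/dev/null || true)
    [ "$new" != "$old" ] || return 1
    # Never restart onto a truncated or half-written CRL.
    $CRL_CHECK "$CRL_FILE" >/dev/null 2>&1 || return 2
    pid=$(cat "$PID_FILE" 2>/dev/null || true)
    [ -n "$pid" ] || return 3
    kill -USR1 "$pid" 2>/dev/null || return 3
    # Record the digest only after the signal went out, so a failed
    # attempt is retried on the next poll.
    printf '%s\n' "$new" > "$STATE_FILE"
}

# Poll every INTERVAL seconds (default 60).
watch_crl() {
    while :; do
        rc=0; reload_if_changed || rc=$?
        case $rc in
            0) echo "CRL changed: sent SIGUSR1 to lighttpd" ;;
            2) echo "new CRL failed validation, not reloading" >&2 ;;
            3) echo "could not signal lighttpd" >&2 ;;
        esac
        sleep "${1:-60}"
    done
}

if [ "${1:-}" = "--watch" ]; then watch_crl "${2:-60}"; fi
```

Run it as `crl-watch.sh --watch 60` (script name assumed) under the same account that may signal lighttpd; the job that fetches the CRL should write to a temporary file and rename it into place so the watcher never hashes a partial download.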