directory-dev mailing list archives

From "Kiran Ayyagari (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRSERVER-1373) Update of server certificate in uid=admin,ou=system only takes effect after restart
Date Sat, 06 Jun 2009 09:40:07 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12716855#action_12716855 ]

Kiran Ayyagari commented on DIRSERVER-1373:
-------------------------------------------

>> What happens to established SSL or StartTLS sessions when calling reloadSslContext?
>> Are they killed or do they continue to use the old certificate?

Atm, the connections are not blocked from reading and writing. I think we can achieve it
by suspending read/write on all the sessions. Emmanuel, is this the right way to do it from a
MINA POV?

But another question is: what happens to an already existing SSL connection? Wouldn't
it fail because of the new certificate?

>> to reload the SSL context automatically when the certificate of uid=admin,ou=system
>> gets updated

No clue at the moment how to do this in an efficient way; certainly any check put up in the
interceptor would be overkill IMHO.


> Update of server certificate in uid=admin,ou=system only takes effect after restart
> -----------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1373
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1373
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ldap
>    Affects Versions: 1.5.4
>            Reporter: Stefan Seelmann
>             Fix For: 1.5.5
>
>         Attachments: DIRSERVER-1373-testcases-UPDATED.patch, DIRSEVER-1373-Testcases.patch
>
>
> When I update the privateKey, publicKey and userCertificate in uid=admin,ou=system and
> start a new StartTLS session, the server still uses the old certificate. After a restart the
> server uses the new certificate.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

