Unfortunately, the OpenSSL wrapper around gethostbyname caches lookup
results forever, so you'll need to restart your application. I know you
said you can't do that. Good luck figuring out how to address this.
Infinite caching of gethostbyname() results is a bug, so I added -dev
back to the list. A proper solution would involve lower-level DNS
queries and using the real TTL. Two hack solutions would be to make the
timeout be an hour or for applications to spawn a thread that calls
BIO_ghbn_ctrl() with the 'flush' argument on a regular basis. Perhaps
the best solution is to make the ghbn cache a config option, turned off
by default.
/r$
--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
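
The one-hour timeout and the periodic flush suggested in the message, sketched as an added example; this is not OpenSSL code and not part of the original message. The resolver hook `resolve_fn`, the stand-in `fake_resolve` and all other names are hypothetical, and a fix that honours the real DNS TTL would replace the fixed `TTL` constant with the value returned by the query.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define SLOTS 4
#define TTL 3600 /* one hour, the timeout floated in the message */

/* Hypothetical resolver hook: writes a NUL-terminated address, returns 0 on success. */
typedef int (*resolve_fn)(const char *name, char *addr, size_t len);
static struct entry { char name[64], addr[46]; time_t fetched; int used; } cache[SLOTS];

/* Drop every entry: what a periodic flush call achieves. */
void cache_flush(void) { memset(cache, 0, sizeof cache); }

/* Returns the address (NULL on failure); *hit is 1 only when a fresh entry was reused. */
const char *cached_lookup(const char *name, time_t now, resolve_fn resolve, int *hit) {
    struct entry *slot = &cache[0];
    *hit = 0;
    if (strlen(name) >= sizeof slot->name) return NULL;
    for (int i = 0; i < SLOTS; i++) {
        struct entry *e = &cache[i];
        if (e->used && strcmp(e->name, name) == 0) {
            slot = e;
            *hit = (now - e->fetched < TTL);  /* expired entries are not served */
            break;
        }
        /* otherwise remember a free slot, or failing that the oldest one */
        if (slot->used && (!e->used || e->fetched < slot->fetched)) slot = e;
    }
    if (!*hit) {
        slot->used = 0;                       /* slot is invalid until refilled */
        if (resolve(name, slot->addr, sizeof slot->addr) != 0) return NULL;
        strcpy(slot->name, name);
        slot->fetched = now;
        slot->used = 1;
    }
    return slot->addr;
}

/* Constructed stand-in for DNS: answers with whatever fake_answer points at. */
const char *fake_answer = "192.0.2.10";
int fake_resolve(const char *name, char *addr, size_t len) {
    (void)name;
    return snprintf(addr, len, "%s", fake_answer) < (int)len ? 0 : -1;
}

int main(void) {
    int hit;
    cached_lookup("svc.example.test", 0, fake_resolve, &hit);
    fake_answer = "192.0.2.20";               /* the record changes */
    printf("%s\n", cached_lookup("svc.example.test", TTL, fake_resolve, &hit));
    return 0;
}
```

The returned pointer refers to the static cache and the code takes no lock, so a multi-threaded caller would need to copy the address out under a mutex.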