Hello All,
Is it safe to have a thread reload trusted certificates and CRLs into an SSL_CTX's X509_STORE while connections are running in other threads, especially when considering renegotiations?
The idea would be to replace the instance of X509_STORE with a new one, or is there a better way to do it?
Pseudo code of the store updater thread:
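
    void ReloadTrustedStore(SSL_CTX *ctx)
    {
        /* Build the replacement store before touching the context. */
        X509_STORE *newStore = X509_STORE_new();
        CopySettingsfromExistingStore(newStore, ctx);
        LoadCertsCrls(newStore);
        /* Swap the new store into the shared SSL_CTX. */
        SSL_CTX_set_cert_store(ctx, newStore);
    }
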
Thanks
Fabrizio
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users