Thanks for the help. This got me on the right track.
-Dan
From: openssl-users
Date: Wednesday, November 11, 2020 at 12:02 PM
To: openssl-users@openssl.org
Subject: Re: Deleted client certificate trust expectations
On Wed, Nov 11, 2020 at 04:28:40PM +, Dan Freed wrote:
> I have a question/issue about how OpenSSL should handle a deleted
> client certificate. It appears that once a trusted certificate is read
> from the filesystem, it remains trusted throughout the lifespan of the
> server process.
The bu
What you observe is indeed reality; we ran into it too. (Though we ran
into it in the context of a long-running client verifying server
certificates.)
My assumption is that it's for performance, and that's sensible, but it
would sure be nice to figure out how to detect those changes. If a
stat()
Sorry I realized I didn't include the OpenSSL version I was using.
This is with OpenSSL 1.1.1d 10 Sep 2019.
-Dan
From: openssl-users
Date: Wednesday, November 11, 2020 at 10:29 AM
To: openssl-users@openssl.org
Subject: Deleted client certificate trust expectations
Hello,
I have a question/issue about how OpenSSL should handle a deleted client
certificate. It appears that once a trusted certificate is read from the
filesystem, it remains trusted throughout the lifespan of the server process.
I wrote a small SSL web service that reproduces the issue I'm ha