Re: Deleted client certificate trust expectations

2020-11-11 Thread Dan Freed
Thanks for the help. This got me on the right track. -Dan From: openssl-users Date: Wednesday, November 11, 2020 at 12:02 PM To: openssl-users@openssl.org Subject: Re: Deleted client certificate trust expectations On

Re: Deleted client certificate trust expectations

2020-11-11 Thread Viktor Dukhovni
On Wed, Nov 11, 2020 at 04:28:40PM +, Dan Freed wrote:
> I have a question/issue about how OpenSSL should handle a deleted
> client certificate. It appears that once a trusted certificate is read
> from the filesystem, it remains trusted throughout the lifespan of the
> server process. The bu

Re: Deleted client certificate trust expectations

2020-11-11 Thread Jordan Brown
What you observe is indeed reality; we ran into it too.  (Though we ran into it in the context of a long-running client verifying server certificates.) My assumption is that it's for performance, and that's sensible, but it would sure be nice to figure out how to detect those changes.  If a stat()

Re: Deleted client certificate trust expectations

2020-11-11 Thread Dan Freed
Sorry I realized I didn't include the OpenSSL version I was using. This is with OpenSSL 1.1.1d 10 Sep 2019. -Dan From: openssl-users Date: Wednesday, November 11, 2020 at 10:29 AM To: openssl-users@openssl.org Subject: Deleted client certificate trust expectations

Deleted client certificate trust expectations

2020-11-11 Thread Dan Freed
Hello, I have a question/issue about how OpenSSL should handle a deleted client certificate. It appears that once a trusted certificate is read from the filesystem, it remains trusted throughout the lifespan of the server process. I wrote a small SSL web service that reproduces the issue I'm ha