Enhancement #758
open
Load new certificates on /BIP RELOAD / SIGHUP
100%
Description
We need to find a way to re-read SSL cert/key for use with new client connections.
Most people probably use Let's Encrypt, which means they need to restart BIP every 3 months.
Updated by Loïc Gomez over 2 years ago
- File 0001-Close-and-re-open-listening-socket-when-reloading-BI.patch added
- Patch Available set to Yes
Well that was easier than expected.
This needs careful review, as I'm not 100% sure all I did was correct, like did I close/free all required, is there a cleaner solution?
I also allowed bip to retry 3 times to listen() before going fatal() as there might be issues reusing the port for a few seconds. We use SO_REUSEADDR though, so it should be ok.
Tested changing port or cert and worked for me (/bip RELOAD or SIGHUP) ;)
Updated by Loïc Gomez over 2 years ago
- File deleted (0001-Close-and-re-open-listening-socket-when-reloading-BI.patch)
Updated by Loïc Gomez over 2 years ago
- File 0001-Close-and-re-open-listening-socket-when-reloading-BI.patch added
Forgot to lint.
Updated by Loïc Gomez 10 months ago
- File deleted (0001-Close-and-re-open-listening-socket-when-reloading-BI.patch)
Updated by Loïc Gomez 10 months ago
- Confirmed changed from No to Yes
This did not work/had bip crash last time I used it.
Maybe something changed preventing reuse of the socket, but then we don't need to close the listening socket to reload certs.
We actually should instead rebuild the SSL context that's been generated once and for all on first client connection.
Will fill in a Review issue for patches.
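
The approach proposed in the last comment (rebuild the TLS context on reload and leave the listening socket alone), shown as an added example that is not part of this issue or of BIP's code. `struct tls_ctx` and every function name here are hypothetical; the struct stands in for OpenSSL's reference-counted `SSL_CTX`, and the file check only looks for a PEM header.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for OpenSSL's refcounted SSL_CTX (assumption: a real
 * build would call SSL_CTX_new, load cert/key into it, and SSL_CTX_free). */
struct tls_ctx { int refs; char cert[4096]; char key[4096]; };

static struct tls_ctx *current;            /* handed to NEW connections only */
static volatile sig_atomic_t want_reload;  /* set by SIGHUP, polled by main loop */

static void on_sighup(int sig) { (void)sig; want_reload = 1; }
void install_sighup(void) { signal(SIGHUP, on_sighup); }

static int slurp_pem(const char *path, char *buf, size_t cap) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, cap - 1, f);
    fclose(f);
    buf[n] = '\0';
    return strstr(buf, "-----BEGIN ") ? 0 : -1;  /* reject non-PEM input */
}

void ctx_release(struct tls_ctx *c) { if (c && --c->refs == 0) free(c); }

/* A new connection pins the context it was accepted under. */
struct tls_ctx *ctx_acquire(void) { if (current) current->refs++; return current; }

/* Build a complete new context first and swap only on success, so a bad
 * renewal keeps the old certificate serving and never touches the listener. */
int tls_reload(const char *cert_path, const char *key_path) {
    struct tls_ctx *n = calloc(1, sizeof *n);
    if (!n) return -1;
    n->refs = 1;
    if (slurp_pem(cert_path, n->cert, sizeof n->cert) ||
        slurp_pem(key_path, n->key, sizeof n->key)) {
        free(n);
        return -1;
    }
    struct tls_ctx *old = current;
    current = n;
    ctx_release(old);  /* freed once the last old connection releases it */
    return 0;
}

/* Called from the main loop, never from the signal handler itself. */
int maybe_reload(const char *cert_path, const char *key_path) {
    if (!want_reload) return 0;
    want_reload = 0;
    return tls_reload(cert_path, key_path) == 0 ? 1 : -1;
}
```

Connections accepted before the reload keep the context they acquired until they release it, which matches how OpenSSL keeps an `SSL_CTX` alive while `SSL` objects created from it still exist.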