Project

General

Profile

Actions

Enhancement #758

open

Load new certificates on /BIP RELOAD / SIGHUP

Added by Loïc Gomez over 1 year ago. Updated over 1 year ago.

Status:
In Progress
Priority:
High
Assignee:
Target version:
Start date:
2022-03-15
Due date:
% Done:

100%

Estimated time:
Patch Available:
Yes
Found in Versions:
Confirmed:
No
Branch:
Security:
Help Needed:

Description

We need to find a way to re-read SSL cert/key for use with new client connections.
Most people probably use Let's Encrypt, which means they need to restart BIP every 3 months.


Files

Actions #1

Updated by Pierre-Louis Bonicoli over 1 year ago

ping

Actions #2

Updated by Loïc Gomez over 1 year ago

  • Status changed from New to In Progress
Actions #3

Updated by Loïc Gomez over 1 year ago

  • File 0001-Close-and-re-open-listening-socket-when-reloading-BI.patch added
  • Patch Available set to Yes

Well that was easier than expected.

This needs careful review, as I'm not 100% sure all I did was correct, like did I close/free all required, is there a cleaner solution ?

I also allowed bip to retry 3 times to listen() before going fatal() as there might be issues reusing the port for a few seconds. We use SO_REUSEADDR though, so it should be ok.

Tested changing port or cert and worked for me (/bip RELOAD or SIGHUP) ;)

Actions #4

Updated by Loïc Gomez over 1 year ago

  • File deleted (0001-Close-and-re-open-listening-socket-when-reloading-BI.patch)
Actions #6

Updated by Loïc Gomez over 1 year ago

  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF