Enhancement #758

Load new certificates on /BIP RELOAD / SIGHUP

Added by Loïc Gomez 4 months ago. Updated 4 months ago.

Status: In Progress
Priority: High
Assignee:
Target version:
Start date: 2022-03-15
Due date:
% Done: 100%
Estimated time:
Patch Available: Yes
Found in Versions:
Confirmed: No
Branch:
Security:
Help Needed:

Description

We need to find a way to re-read SSL cert/key for use with new client connections.
Most people probably use Let's Encrypt, which means they need to restart BIP every 3 months.


Files

History

#1

Updated by Pierre-Louis Bonicoli 4 months ago

ping

#2

Updated by Loïc Gomez 4 months ago

  • Status changed from New to In Progress

#3

Updated by Loïc Gomez 4 months ago

  • File 0001-Close-and-re-open-listening-socket-when-reloading-BI.patch added
  • Patch Available set to Yes

Well that was easier than expected.

This needs careful review, as I'm not 100% sure all I did was correct: did I close/free everything required? Is there a cleaner solution?

I also allowed bip to retry 3 times to listen() before going fatal() as there might be issues reusing the port for a few seconds. We use SO_REUSEADDR though, so it should be ok.

Tested changing port or cert and it worked for me (/bip RELOAD or SIGHUP) ;)
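
The close-and-reopen step with a bounded retry described in note #3, as an added example that is not taken from the attached patch or from BIP's source. The function names, `LISTEN_RETRIES`, the loopback address, the backlog of 16 and the one-second pause between attempts are all assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define LISTEN_RETRIES 3 /* assumption: mirrors the "3 times" in the note */

/* Open a TCP listener on 127.0.0.1:port with SO_REUSEADDR; -1 on failure. */
static int open_listener(unsigned short port)
{
    struct sockaddr_in sa;
    int on = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0 ||
        bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        listen(fd, 16) < 0) {
        close(fd); /* never leak the descriptor on a failed attempt */
        return -1;
    }
    return fd;
}

/* Reload path: close the old listener, retry the new one; -1 means go fatal. */
int reopen_listener(int old_fd, unsigned short port)
{
    if (old_fd >= 0) close(old_fd);
    for (int attempt = 0; attempt < LISTEN_RETRIES; attempt++) {
        int fd = open_listener(port);
        if (fd >= 0) return fd;
        sleep(1); /* give the kernel time to release the port */
    }
    return -1;
}

/* Port the kernel actually bound (useful when port 0 was requested). */
int listener_port(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        return -1;
    return ntohs(sa.sin_port);
}

int main(void) { int fd = reopen_listener(-1, 0); return fd >= 0 && listener_port(fd) > 0 ? 0 : 1; }
```

Clients that connect while the old descriptor is closed and the new one is not yet listening are refused, so the size of that window is worth checking when reviewing a reload path built this way.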

#4

Updated by Loïc Gomez 4 months ago

  • File deleted (0001-Close-and-re-open-listening-socket-when-reloading-BI.patch)

#6

Updated by Loïc Gomez 4 months ago

  • % Done changed from 0 to 100
