Enhancement #758
open
Load new certificates on /BIP RELOAD / SIGHUP
Added by Loïc Gomez over 2 years ago.
Updated 9 months ago.
Description
We need to find a way to re-read SSL cert/key for use with new client connections.
Most people probably use Let's Encrypt, which means they need to restart BIP every 3 months.
- Status changed from New to In Progress
- File 0001-Close-and-re-open-listening-socket-when-reloading-BI.patch added
- Patch Available set to Yes
Well that was easier than expected.
This needs careful review, as I'm not 100% sure all I did was correct, like did I close/free everything required, is there a cleaner solution?
I also allowed bip to retry 3 times to listen() before going fatal() as there might be issues reusing the port for a few seconds. We use SO_REUSEADDR though, so it should be ok.
Tested changing port or cert and worked for me (/bip RELOAD or SIGHUP) ;)
- File deleted (0001-Close-and-re-open-listening-socket-when-reloading-BI.patch)
- File 0001-Close-and-re-open-listening-socket-when-reloading-BI.patch added
- % Done changed from 0 to 100
- File deleted (0001-Close-and-re-open-listening-socket-when-reloading-BI.patch)
- Confirmed changed from No to Yes
This did not work/had bip crash last time I used it.
Maybe something changed preventing reuse of the socket, but then we don't need to close the listening socket to reload certs.
We actually should instead rebuild the SSL context that's been generated once and for all on first client connection.
Will fill in a Review issue for patches.
- Target version changed from 0.10.0 to 21
- Target version changed from 21 to 0.10.0
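The approach suggested in the last comment (leave the listening socket open and rebuild the TLS context on /BIP RELOAD or SIGHUP) can be sketched as below. This is an added example, not BIP's code or the attached patch. `struct tls_ctx`, `ctx_loader`, `demo_loader` and the function names are hypothetical, and a stand-in context replaces OpenSSL's `SSL_CTX` so the sketch builds without the library.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Stand-in for a TLS context (assumption). OpenSSL's SSL_CTX is reference-
 * counted the same way: SSL_new() takes a reference, SSL_CTX_free() drops one. */
struct tls_ctx { int refs; char cert[64]; };
/* Loader: returns a ready context or NULL. With OpenSSL this is where
 * SSL_CTX_new, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey_file
 * and SSL_CTX_check_private_key would be called. */
typedef struct tls_ctx *(*ctx_loader)(const char *cert, const char *key);

static struct tls_ctx *current;                /* consulted for new accepts only */
static volatile sig_atomic_t reload_requested; /* the handler only sets a flag */
void on_sighup(int sig) { (void)sig; reload_requested = 1; }
void ctx_release(struct tls_ctx *c) { if (c && --c->refs == 0) free(c); }

/* Main-loop side: 1 = swapped, 0 = nothing to do, -1 = load failed, old kept. */
int reload_if_requested(ctx_loader load, const char *cert, const char *key)
{
    if (!reload_requested) return 0;
    reload_requested = 0;
    struct tls_ctx *fresh = load(cert, key);
    if (!fresh) return -1;   /* bad or mismatched files: keep serving the old cert */
    struct tls_ctx *old = current;
    current = fresh;         /* the listening socket is never touched */
    ctx_release(old);        /* really freed when its last connection closes */
    return 1;
}
/* A connection pins whichever context was current when it was accepted. */
struct tls_ctx *conn_open(void) { if (current) current->refs++; return current; }
void conn_close(struct tls_ctx *c) { ctx_release(c); }

/* Constructed loader for the demo: an empty key path stands for a load error. */
struct tls_ctx *demo_loader(const char *cert, const char *key)
{
    if (!cert || !key || !*key) return NULL;
    struct tls_ctx *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->refs = 1;
    strncpy(c->cert, cert, sizeof c->cert - 1);
    return c;
}
int main(void)
{
    signal(SIGHUP, on_sighup);
    raise(SIGHUP);
    printf("reload: %d\n", reload_if_requested(demo_loader, "new.pem", "new.key"));
    return 0;
}
```

Building the new context fully before the swap means a half-written or mismatched cert/key pair during renewal leaves the proxy on its previous certificate.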