> Is it safe to have a thread reload trusted certificates and crls into a SSL_CTX's X509_STORE while connections are running in other threads, especially when considering renegotiations? As a general rule, multi-thread simultaneous access doesn't work and will often make things go ka-boom. But generally ongoing connections use SSL objects, not SSL_CTX, so a brief locking scheme should be okay. Objects are copied and ref-counted when an SSL is created from an SSL_CTX... -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz
