Re: Cert hot-reloading

On 8/30/2020 7:24 PM, David Arnold wrote:
> Hot-plugging the pointer seems to force atomicity considerations down-stream, which might be
> educationally a good thing for openssl to press for. It also addresses Jordan's use case, for however
> application specific it might be. For compat reasons, a "legacy" mode which creates a new context
> for *new* connections might be the necessary "bridge" into that transformation.

I haven't particularly thought about the implementation; that seemed like Just Work.  There might need to be reference counts on the structures involved so that they can be safely "freed" while they are in active use by another thread.  Simply swapping out a pointer isn't going to be enough because you can't know whether another thread already picked up a copy of that pointer and so you can't know when you can free the old structure.  As I think about it more, there might be a challenge fitting such a mechanism into the existing functions.

-- 
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
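
The following is an added example, not part of the original message and not OpenSSL code: a minimal reference-counted pointer swap showing why the old structure can only be freed once the last holder releases it. The `cert_ctx` type and the `ctx_*` functions are hypothetical stand-ins for a TLS context, and `freed_count` exists only to make the behavior observable.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a TLS context; not an OpenSSL type. */
typedef struct cert_ctx { int refs; char label[32]; } cert_ctx;

static pthread_mutex_t ctx_lock = PTHREAD_MUTEX_INITIALIZER;
static cert_ctx *current;   /* the hot-swappable pointer */
static int freed_count;     /* instrumentation for this example only */

static cert_ctx *ctx_new(const char *label) {
    cert_ctx *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->refs = 1;            /* creator's reference, handed to ctx_swap */
    strncpy(c->label, label, sizeof c->label - 1);
    return c;
}
/* Drop one reference; only the last holder actually frees. */
static void ctx_release(cert_ctx *c) {
    if (!c) return;
    pthread_mutex_lock(&ctx_lock);
    int last = (--c->refs == 0);
    if (last) freed_count++;
    pthread_mutex_unlock(&ctx_lock);
    if (last) free(c);
}
/* Reader: load the pointer and take a reference in ONE critical section,
 * so a concurrent swap cannot free it between the load and the increment. */
static cert_ctx *ctx_acquire(void) {
    pthread_mutex_lock(&ctx_lock);
    cert_ctx *c = current;
    if (c) c->refs++;
    pthread_mutex_unlock(&ctx_lock);
    return c;
}
/* Writer: publish the new context, then drop the slot's reference to the
 * old one. The old context survives while any connection still holds it. */
static void ctx_swap(cert_ctx *fresh) {
    pthread_mutex_lock(&ctx_lock);
    cert_ctx *old = current;
    current = fresh;
    pthread_mutex_unlock(&ctx_lock);
    ctx_release(old);
}
int main(void) {
    ctx_swap(ctx_new("cert-A"));        /* constructed sample labels */
    cert_ctx *conn = ctx_acquire();     /* in-flight connection */
    if (!conn) return 1;
    ctx_swap(ctx_new("cert-B"));        /* reload while conn is active */
    ctx_release(conn);                  /* last user gone: cert-A freed */
    ctx_swap(NULL);                     /* shutdown: cert-B freed */
    return freed_count == 2 ? 0 : 1;
}
```
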
