#48199 SSL config should use model sockets
Opened 4 years ago by rmeggins. Modified 2 years ago

When changes are made to SSL configuration over LDAP, we should immediately store those changes in a model socket. In slapd_ssl_init2, when calling SSL_ImportFD, we should use the model socket argument. Then we don't have to do all of the SSL configuration in slapd_ssl_init2, that will be done by calling SSL_ImportFD with the model.

At startup, we should create the model socket from the configuration entries, then use the model socket to create the SSL listener sockets.

I'm not sure what we can do dynamically with SSL listener sockets. It may be possible to stop listening (remove the SSL listener fds from the poll list), then use SSL_ReconfigFD to reconfigure them with the latest SSL settings, then add them back.


Per triage, push the target milestone to 1.3.6.

Metadata Update from @nhosoi:
- Issue set to the milestone: 1.3.6.0

2 years ago

Metadata Update from @mreynolds:
- Custom field component reset (from Security - SSL)
- Issue close_status updated to: None
- Issue set to the milestone: 1.4 backlog (was: 1.3.6.0)

2 years ago

Metadata Update from @mreynolds:
- Custom field component adjusted to None
- Custom field reviewstatus adjusted to None
- Issue tagged with: RFE

2 years ago

Login to comment on this ticket.

Metadata