[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6135) Changed TLS settings in cn=config require a restart

To: openldap-its@openldap.org
Subject: (ITS#6135) Changed TLS settings in cn=config require a restart
From: hyc@OpenLDAP.org
Date: Wed, 20 May 2009 23:52:51 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Howard Chu
Version: 2.4.16/HEAD
OS: Solaris 10
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (76.91.220.157)
Submitted by: hyc


I thought we already had an ITS for this but didn't find it...

slapd's global TLS settings are stored in an SSL context that only gets
initialized at startup time. So changes to these settings via cn=config take no
effect until the next restart. Changes to the other TLS users (syncrepl,
back-ldap, back-meta) take effect immediately, as expected. bconfig.c's
config_tls_config needs to check whether slapd is online or not, and
reinitialize the global context after these changes if so.

Prev by Date: (ITS#6134) Missing ITS state/directory documentation
Next by Date: (ITS#6136) replicated slapd.d interrupts syncrepl refresh
Index(es):
- Chronological
- Thread