[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6135) Changed TLS settings in cn=config require a restart

Full_Name: Howard Chu
Version: 2.4.16/HEAD
OS: Solaris 10
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (
Submitted by: hyc

I thought we already had an ITS for this but didn't find it...

slapd's global TLS settings are stored in an SSL context that only gets
initialized at startup time. So changes to these settings via cn=config take no
effect until the next restart. Changes to the other TLS users (syncrepl,
back-ldap, back-meta) take effect immediately, as expected. bconfig.c's
config_tls_config needs to check whether slapd is online or not, and
reinitialize the global context after these changes if so.