[Date Prev][Date Next]
Re: tls private key
On Fri, Mar 26, 2010 at 3:18 PM, Howard Chu <firstname.lastname@example.org> wrote:
> Chris Jacobs wrote:
>> There's one sure fire way to find out...
>> Start it up with a syncrepl, then move the private key, and see if it
>> syncs fine both ways.
>> Wait a day or so, and make a change and see if that synced.
>> If I had to put a dollar on it, if guess that it doesn't need the key
true, but i thought a quick email to the list would have given me a
quick yeah or nay..
> startup. I could be horribly wrong though - I'm not a dev, just a user of
> It probably depends on which crypto library you built with. I'm pretty sure
> OpenSSL and GnuTLS cache the PEM credentials in memory. Not sure what MozNSS
> does. And of course, if you're paranoid, you can build these libraries to
> use smart tokens and leave the credentials there instead.
built with gnutls (debian build)
>> - chris
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/