[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: tls private key

On Fri, Mar 26, 2010 at 3:18 PM, Howard Chu <hyc@symas.com> wrote:
> Chris Jacobs wrote:
>> There's one sure fire way to find out...
>> Start it up with a syncrepl, then move the private key, and see if it
>> syncs fine both ways.
>> Wait a day or so, and make a change and see if that synced.
>> If I had to put a dollar on it, if guess that it doesn't need the key
>> after

true, but i thought a quick email to the list would have given me a
quick yeah or nay..

> startup. I could be horribly wrong though - I'm not a dev, just a user of
> the
> software.
> It probably depends on which crypto library you built with. I'm pretty sure
> OpenSSL and GnuTLS cache the PEM credentials in memory. Not sure what MozNSS
> does. And of course, if you're paranoid, you can build these libraries to
> use smart tokens and leave the credentials there instead.

built with gnutls (debian build)


>> :)
>> - chris

> --
>  -- Howard Chu
>  CTO, Symas Corp.           http://www.symas.com
>  Director, Highland Sun     http://highlandsun.com/hyc/
>  Chief Architect, OpenLDAP  http://www.openldap.org/project/