Hi, The server side NFS over TLS daemon (rpc.tlsservd) can reload an updated CRL (Certificate Revocation List) when a SIGHUP is posted to it. However, it does not SSL_shutdown()/close() extant TCP connections using TLS. (Those would only be closed if the daemon is restarted.)
I am now thinking that, maybe, an SSL_shutdown()/close() should be done on all extant TCP connections using NFS over TLS when an updated CRL is loaded, since a connection might have used a revoked certificate for its handshake. What do others think? Thanks, rick _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[email protected]"
