MichaelMorrisEst opened a new issue, #3074:
URL: https://github.com/apache/logging-log4j2/issues/3074

   https://github.com/apache/logging-log4j2/pull/2767 introduces functionality 
to enable reloading key/truststore when the certs are renewed. However, a manual 
step of triggering a reconfiguration (e.g. by touching the config file) is 
needed for the key/trust store to be reloaded. While this is a big improvement 
on having no reload, it is still not ideal to have to trigger a reconfiguration.
   
   The cert renewal has no impact on existing established connections (as the 
handshake is done when the connection is established) so there is no need for 
the key/trust store to be reloaded for existing connections to continue working.
   However, when an error occurs in writing to the socket a retry is attempted 
which includes the creation of a new socket and connection. Using a no longer 
valid cert here will prohibit the connection being re-established. If, during 
the retry, the key/truststore are reloaded, then the latest certs would always 
be used in re-establishing the connection and would effectively remove the need 
to trigger the reconfiguration.
   
   Is this something the community would be open to accepting a PR on? If so, I can 
work on it and submit it.
   


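The reload-on-retry idea described in the issue, sketched as an added example that is not Log4j code and not taken from the issue or PR #2767: every connection attempt re-reads the key and trust stores from disk, so a reconnect after a write error handshakes with whatever certificates are currently on disk. The class name `ReloadingTlsConnector`, the PKCS12 store type, and the key password being equal to the store password are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class for illustration; not part of Log4j.
public final class ReloadingTlsConnector {
    private final Path keyStorePath;
    private final Path trustStorePath;
    private final char[] password; // assumed: same password for both stores and the key
    private final String host;
    private final int port;

    public ReloadingTlsConnector(Path keyStorePath, Path trustStorePath,
                                 char[] password, String host, int port) {
        this.keyStorePath = keyStorePath;
        this.trustStorePath = trustStorePath;
        this.password = password.clone();
        this.host = host;
        this.port = port;
    }

    // Reads the store from disk on every call; nothing is cached between attempts.
    private KeyStore load(Path path) throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance("PKCS12"); // assumed store type
        try (InputStream in = Files.newInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // Call for the first connection and again for each retry after a write error.
    // If a store is half-written during renewal, load() throws and this attempt
    // fails; the next retry re-reads the files.
    public SSLSocket connect() throws IOException, GeneralSecurityException {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath), password);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath));
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(host, port);
        try { socket.startHandshake(); return socket; } // fail here, not on first write
        catch (IOException e) { socket.close(); throw e; }
    }
}
```

Sockets returned by earlier calls are unaffected by later reloads, which matches the issue's observation that established connections keep working after renewal.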