Hakky54 commented on issue #3074: URL: https://github.com/apache/logging-log4j2/issues/3074#issuecomment-2646111432
> Could you explain more your use case? I looked at Tomcat's SSL implementation ([SSLUtilBase](https://github.com/apache/tomcat/blob/3f5b0cc58ce3c5cc7f74a9cbcfe083b303f222ff/java/org/apache/tomcat/util/net/SSLUtilBase.java#L265)) and some HTTP client libraries for Java and I couldn't find an example of the opportunistic keystore reloading behavior you are proposing. How do you deal with modification of the key/trust store in other Java components?
>
> Certificate expiration events are usually very rare, so I would assume that whenever such an event occurs:
>
> - The keystore and truststore are modified.
> - All the applications that use them are notified. IIRC UNIX for servers like NGINX you just need to send a SIGUSR signal. Since Java applications do not support that, they need to be restarted.

Hi @ppkarwasz

I can provide an example with Tomcat. As you might know, with Tomcat it is possible to programmatically configure the SSL configuration and also reload it. I have written a working example here: https://github.com/Hakky54/java-tutorials/tree/main/instant-ssl-reloading-with-spring-tomcat

It uses my own library for taking care of reloading the SSL configuration, see here: https://github.com/Hakky54/sslcontext-kickstart?tab=readme-ov-file#support-for-reloading-ssl-at-runtime

I hope it will be useful for this task.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org