Replacing expiring user certificate

by Liz Voss

Hello,
My company developed an application using OpenSSL libraries to establish
SSL/TLS connections.
Our customers would like to have a reasonable way of updating a user's
certificate (that is about to expire) without bringing the application
down and losing all the existing SSL/TLS connections.
What would be the best way to implement the user certificate update?
Currently our code calls the following functions during application
initialization to set up the user certificate:
    PKCS12_parse(p12, "", &pkey, &x509, NULL);
    bool = SSL_CTX_use_PrivateKey(ssl_ctx, pkey);
    bool = SSL_CTX_use_certificate(ssl_ctx, x509);
Could we call the same code to set up the new certificate? Would these calls
effectively replace the older certificate?
Could we update existing connections to use this new certificate during
the session rekeying process?
I greatly appreciate any suggestions and links to any sample code.
Thanks a lot.
Liz
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...