Hi, The server side NFS over TLS daemon (rpc.tlsservd) can reload an updated CRL (Certificate Revocation List) when a SIGHUP is posted to it. However, it does not SSL_shutdown()/close() extant TCP connections using TLS. (Those would only be closed if the daemon is restarted.) I am now thinking that, maybe, an SSL_shutdown()/close() should be done on all extant TCP connections using NFS over TLS when an updated CRL is loaded, since a connection might have used a revoked certificate for its handshake. What do others think? Thanks, rickReceived on Thu Sep 03 2020 - 23:20:44 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:25 UTC