[ovs-dev] [PATCH 1/2] stream-ssl: Make changing keys and certificate at runtime reliable.
jpettit at nicira.com
Thu Aug 5 19:39:34 UTC 2010
On Aug 5, 2010, at 10:00 AM, Ben Pfaff wrote:
> OpenSSL is picky about the order in which keys and certificates are
> changed: you have to change the certificate first, then the key. It
> doesn't document this, but deep in the source code, in a function that sets
> a new certificate, it has this comment:
> /* don't fail for a cert/key mismatch, just free
> * current private key (when switching to a different
> * cert & key, first this function should be used,
> * then ssl_set_pkey */
> Brilliant, guys, thanks a lot.
I <3 OpenSSL.
More information about the dev