[ovs-dev] [PATCH 1/2] stream-ssl: Make changing keys and certificate at runtime reliable.

Justin Pettit jpettit at nicira.com
Thu Aug 5 19:39:34 UTC 2010


On Aug 5, 2010, at 10:00 AM, Ben Pfaff wrote:

> OpenSSL is picky about the order in which keys and certificates are
> changed: you have to change the certificate first, then the key.  It
> doesn't document this, but deep in the source code, in a function that sets
> a new certificate, it has this comment:
> 
>    /* don't fail for a cert/key mismatch, just free
>     * current private key (when switching to a different
>     * cert & key, first this function should be used,
>     * then ssl_set_pkey */
> 
> Brilliant, guys, thanks a lot.

I <3 OpenSSL.

Looks good.

--Justin





