If anybody wants to add to the argument, please feel free at: https://github.com/openssl/openssl/issues/12753
On Sun, Aug 30, 2020 at 17:04, David Arnold dar@xoe.solutions wrote:
So, I've research a little in the OpenSSL mailing list, the result of which I want to feed back here:
Users list:
https://www.mail-archive.com/openssl-users@openssl.org/msg79444.html
https://www.mail-archive.com/openssl-users@openssl.org/msg85740.html
https://www.mail-archive.com/openssl-users@openssl.org/msg81582.html
That's all I found. Seems to be a thing, but without much momentum. Hm? I wonder: is the practice of certificate rolling every 5 minutes still too exotic? Or didn' t it yet work it's way through the web's institutions?
BR, David
On Thu, Aug 27, 2020 at 16:24, David Arnold dar@xoe.solutions wrote:
On Thu, Aug 27, 2020 at 13:18, Howard Chu hyc@symas.com wrote:
It sounds like the feature you want (auto-refresh an expired cert) should be implemented in the TLS library itself.
You are right, I'll be attempting to go down this branch.