ocserv and OCSP
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Sun Jan 8 01:32:30 PST 2017
On Sat, Jan 7, 2017 at 9:29 PM, Björn Ketelaars
<bjorn.ketelaars at hydroxide.nl> wrote:
> From ocserv(8) it is not clear to me if ocserv automatically picks up an
> update of the response file as generated by ocsptool.
All reloads of files in ocserv (certs and ocsp responses) are done
during the maintenance window of the server, something that happens
periodically, every 15 minutes. So while the reload will not be
imminent it will be done. To force it you can send the HUP signal to
the server.
> ocserv(8) also states that the response file needs to be replaced in an atomic
> way. If I'm not mistaken this means:
> 1.) Write output of ocsptool to a temp file;
> 2.) mv temp file to response file (as defined in ocserv.conf: ocsp-response)
That's what it means.
regards,
Nikos
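
The temp-file-then-mv procedure confirmed in this thread, written out as an added example (not part of the original message and not ocserv's own code). The function name `install_ocsp_response`, the file paths and the certificate file names are assumptions; the generator command is called with the temp file path appended as its last argument.

```shell
#!/bin/sh
# Added example: atomically replace the file named by ocsp-response in
# ocserv.conf, so ocserv never reads a half-written response.
#
# Usage: install_ocsp_response TARGET GENERATOR [ARGS...]
# Typical call (all paths are placeholders):
#   install_ocsp_response /path/to/ocsp.der \
#       ocsptool --ask --load-cert server-cert.pem \
#                --load-issuer ca-cert.pem --outfile
# ocserv picks the new file up at its next periodic reload; sending HUP
# to the server process forces the reload.
install_ocsp_response() {
    target=$1
    shift
    dir=$(dirname "$target")

    # Create the temp file in the SAME directory as the target: mv is then
    # a rename within one filesystem, which replaces the file in one step.
    # A temp file under /tmp could turn mv into a copy, which is not atomic.
    tmp=$(mktemp "$dir/.ocsp-response.XXXXXX") || return 1

    # Step 1: write the generator output to the temp file.
    if ! "$@" "$tmp"; then
        rm -f -- "$tmp"
        return 1
    fi

    # Never install an empty response over a good one.
    if [ ! -s "$tmp" ]; then
        rm -f -- "$tmp"
        return 1
    fi

    # mktemp creates the file with mode 0600. An OCSP response is public
    # data; 0644 is an assumption, adjust to the account ocserv reads as.
    chmod 644 "$tmp"

    # Step 2: move the temp file over the response file.
    mv -f -- "$tmp" "$target"
}
```

If the generator fails or produces nothing, the previous response file is left in place and the temp file is removed.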