Thanks for the insight from both of you.. I have spent couple of hours browsing through the code and realized that even if async io would be possible in PSK callback, I would have really hard time wrap my head around it. The learning curve is just too steep (not to mention post-implementation maintenance of that patch). Right now, the solution to replace the file and reload haproxy sounds more feasible.
> BTW, in the thread about the TLS-PSK support, it was suggested to use a map > to handle identities. When it will be done, it will be possible to > dynamically update the map. I will be following haproxy development for any news in this regard. Thanks, Brano Zarnovican