On Sun, Oct 04, 2020 at 08:13:11PM +0200, William Dauchy wrote:
> Hello,
>
> This patchset is an attempt to add a new command to configure ssl on
> server at runtime:
>
> - the first patch adds the possibility to observe the change on a `show
>   servers state`.
> - the two next ones are only here to prepare the last one to add the
>   command. I added them separately to facilitate the review.
>   `ssl_sock_prepare_srv_ctx` protection is not mandatory but I found it
>   safer while writing my patch.
> - the last one is adding the new command. I'm not 100% sure of the
>   consequences of `prepare_srv` and `destroy_srv` but from what I read
>   and tested, it seems ok.
>
That's an interesting idea but I'm kind of confused about this.

The problem with activating SSL on-the-fly is that SSL is not only an on/off option but there are a lot of parameters that can be configured, and that won't fit the server state file.

I fear it will complicate a lot of things in the future in this form.

Maybe you could have pre-configured but disabled servers with SSL in your configuration and enable them progressively with the CLI instead?

Willy has maybe a better suggestion about this.

--
William Lallemand