I'm trying to figure out what would be missing to consider server crts as 
crt-lists (as in bind lines), so that they could be listed via the "show ssl 
crt-list" API and also managed (essentially renewed) this way.

Example:
 backend foo-using-client-auth
     default-server check ssl crt /path/to/crt-list ca-file /path/to/my/ca.pem
     server srv0 192.0.2.1:80

I'd like then to manage this using:
  set ssl cert <certfile> <payload>

The use-case being the following: when integrating with service mesh solutions 
such as consul-connect, you may want to reduce the disruption occurring when 
certificates are renewed.
And in such solutions they are renewed quite often (once every few tens 
of hours).
In this case the memory space is already allocated etc. so I (naively?) think 
it probably doesn't hurt too much.

What is your point of view?

--
Pierre
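
An added example (not part of the original message) of the renewal flow the post wants to reuse for server-side certs, as it exists today for bind-side certificates in HAProxy 2.1+: stage the new PEM with "set ssl cert", then activate it with "commit ssl cert", aborting the transaction on failure. The stats socket path, the socat transport and the certificate path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): push a renewed PEM into a running
# HAProxy through the runtime API, using the two-step set/commit transaction.
# Assumptions: HAProxy >= 2.1 with "stats socket /var/run/haproxy.sock level admin"
# (socket path is an assumption), socat installed, and the certificate was
# originally loaded from the path given as the first argument.
set -eu

HAPROXY_SOCK="${HAPROXY_SOCK:-/var/run/haproxy.sock}"

# Build the multi-line "set ssl cert" command: the "<<" marker tells HAProxy a
# payload follows, and an empty line terminates that payload.
build_set_cert_cmd() {
    cert_path="$1"      # path HAProxy knows the certificate by
    pem_file="$2"       # local file holding the renewed cert + key (+ chain)
    printf 'set ssl cert %s <<\n' "$cert_path"
    cat "$pem_file"
    printf '\n'         # empty line terminates the payload
}

# Sanity check before touching a live proxy: refuse a PEM lacking either the
# certificate or the private key, which would otherwise only fail at commit.
pem_has_cert_and_key() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -Eq -- '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1"
}

# Send the commands read from stdin to the runtime API and print the reply.
hap_cmd() {
    socat - "UNIX-CONNECT:$HAPROXY_SOCK"
}

# Full renewal: stage the new PEM, then commit so every bind line using this
# file switches atomically; abort the pending transaction on any failure.
renew_cert() {
    cert_path="$1"; pem_file="$2"
    pem_has_cert_and_key "$pem_file" || { echo "bad PEM: $pem_file" >&2; return 1; }
    build_set_cert_cmd "$cert_path" "$pem_file" | hap_cmd
    if ! printf 'commit ssl cert %s\n' "$cert_path" | hap_cmd | grep -q 'Success'; then
        printf 'abort ssl cert %s\n' "$cert_path" | hap_cmd >/dev/null
        echo "commit failed for $cert_path, transaction aborted" >&2
        return 1
    fi
}
```

Run as `renew_cert /etc/haproxy/certs/site.pem /tmp/renewed.pem` from a cron or mesh hook; the same PEM file name must match what "show ssl cert" lists.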
