Florian Westphal wrote...
I had code which did load the new certificates/keys in the OpenSSL backend, but if memory serves me right I didn't find a simple way to do the same with gnutls... so i removed the reload-feature completely.
I see.
"Why would anyone have to re-generate certificates/keys on-the-fly anyway?" 8-(
Are you asking the gnutls guys or me? If the latter: Certificates tend to expire every now and then, or they might have been created using an unsecure version of openssl. And restarting an ircd is always a harsh operation, but how about implementing the /upgrade feature as seen in irssi? ;->
In the given situation I'll combine the certificate exchange with an upgrade to 0.12.
I'll go through my archive and will re-add the reload feature to the OpenSSL backend and look at the gnutls stuff again.
Thanks.
Christoph