rpcserver: Support dynamic cert reload. #3153

Merged: 1 commit, Jul 24, 2023

Commits on Jul 24, 2023

  1. rpcserver: Support dynamic cert reload.

    This modifies the RPC server to support dynamically reloading (aka hot
    reload) the RPC certificate/key pair as well as the client CAs (when
    configured with --authtype=clientcert).
    
    In other words, dcrd will now notice when the certificates have been
    changed on the file system on new connections and reload and cache the
    new ones.
    
    In terms of deciding when to reload the files, this implementation opts
    for a highly portable stat-based approach that does not require any
    additional dependencies over using platform specific file change
    notifications such as inotify on Linux.
    
    This implementation also aims to provide nice error handling semantics
    and includes additional logic to minimize the amount of disk accesses
    needed to determine whether the files have changed.
    
    The following is an overview of the semantics:
    
    - All connections use a cached TLS config
    - Certs are only tested for changes and reloaded when:
      - A new connection is established
      - At least 5 seconds have passed since the last check
      - The file modification times and/or sizes have changed
    - The existing working certs are retained if any errors are encountered
      when loading the new ones in order to avoid breaking a working config
    - Only a single error will be shown for an attempt at loading an invalid
      config as opposed to spamming the same error on every new connection
    davecgh committed Jul 24, 2023
    Commit 488b816
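The reload semantics listed in the commit message, as an added Go example that is not dcrd's own code: a tls.Config.GetCertificate callback that serves a cached pair and only stats the files on a new connection after at least 5 seconds, reloads on an mtime/size change, keeps the working pair when the replacement fails to load, and reports that failure once. The names (certReloader, loadPair) and file names are assumptions; client-CA reload for --authtype=clientcert is not covered.

```go
package main
import (
	"crypto/tls"
	"log"
	"os"
	"sync"
	"time"
)
// loadPair parses the pair from disk; a package variable so tests can swap it.
var loadPair = func(c, k string) (*tls.Certificate, error) { p, err := tls.LoadX509KeyPair(c, k); return &p, err }
// certReloader serves a cached pair and re-reads it only on a new connection, after 5s, when a file changed.
type certReloader struct {
	certPath, keyPath string
	mu                sync.Mutex
	cert              *tls.Certificate // last good pair, retained when a reload fails
	lastErr           error            // set only while no good pair has ever loaded
	lastCheck         time.Time
	tried             [4]int64 // stat snapshot of the last load attempt, good or bad
}
// getCertificate is installed as tls.Config.GetCertificate, so it runs on every new connection.
func (r *certReloader) getCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	r.mu.Lock()
	defer r.mu.Unlock()
	if time.Since(r.lastCheck) < 5*time.Second {
		return r.cert, r.lastErr // throttled: no disk access at all
	}
	r.lastCheck = time.Now()
	var snap [4]int64 // mtime and size of each file; nothing is read or parsed unless this differs
	for i, p := range []string{r.certPath, r.keyPath} {
		fi, err := os.Stat(p)
		if err != nil {
			return r.cert, r.lastErr // unreadable: keep serving what we have
		}
		snap[2*i], snap[2*i+1] = fi.ModTime().UnixNano(), fi.Size()
	}
	if snap == r.tried {
		return r.cert, r.lastErr // unchanged since the last attempt, success or failure
	}
	r.tried = snap
	if fresh, err := loadPair(r.certPath, r.keyPath); err == nil {
		r.cert, r.lastErr = fresh, nil
	} else if r.cert != nil { // broken replacement: retain the working pair, report once
		log.Printf("keeping previous RPC certificate: %v", err)
	} else {
		r.lastErr = err
	}
	return r.cert, r.lastErr
}
// main only shows the wiring into a server config; the file names are placeholders.
func main() { _ = &tls.Config{GetCertificate: (&certReloader{certPath: "rpc.cert", keyPath: "rpc.key"}).getCertificate} }
```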