[gnutls-help] TLS-Server with Let’s Encrypt
Sam Varshavchik
mrsam at courier-mta.com
Fri Aug 3 12:59:26 CEST 2018
Mario Lombardo writes:
> Hi Sam,
>
>
> thank you for your message. What about the existing sessions
> (gnutls_session_t)? Can I call gnutls_credentials_clear() once the handshake
> is finished and keep the connection for this session established? I believe
> it is not safe to gnutls_certificate_free_credentials() as long as there are
> sessions bound to this store, is it?

Presuming there are no multiple thread-related issues, I would expect it to
be safe. If the library needs it, for some reason, I expect it to make its
own copy. I find nothing in the public documentation that requires
credentials to exist as long as some session that used them, initially, is
still around.

> Or is there any other best practice? Can I set other credentials on an
> existing session (after handshake)?

You can also take the approach of creating a new context for all new
sessions, and keep the old context, with the old credentials, until all
existing sessions which use it go away. I don't believe this is necessary,
but this is also one possible way to do it.
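
The second approach in the reply above (new sessions get a new credentials context, the old one is kept until its sessions go away) can be implemented with a reference count per credentials generation. This is an added example, not part of the original message and not GnuTLS code: `cred_gen`, `cred_rotate`, `session_open` and `session_close` are hypothetical names, the GnuTLS credentials handle is replaced by a stand-in so the code builds without the library, and a single-threaded server is assumed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for gnutls_certificate_credentials_t; single-threaded only. */
struct cred_gen {
    int serial;     /* constructed label for one certificate load */
    unsigned refs;  /* sessions using it, plus one while it is current */
};
static struct cred_gen *current; /* generation given to new sessions */
static int freed_count;          /* how many generations were released */

static void cred_unref(struct cred_gen *g)
{
    if (--g->refs == 0) {
        freed_count++; /* real server: gnutls_certificate_free_credentials() */
        free(g);
    }
}

/* Call after the renewed certificate and key are on disk. */
static int cred_rotate(int serial)
{
    struct cred_gen *g = calloc(1, sizeof *g), *old = current;
    if (g == NULL)
        return -1; /* keep serving with the old generation */
    *g = (struct cred_gen){ .serial = serial, .refs = 1 }; /* load key pair */
    current = g;
    if (old != NULL)
        cred_unref(old); /* released now only if no session still holds it */
    return 0;
}

/* New session: pin whichever generation is current right now. */
static struct cred_gen *session_open(void)
{
    if (current != NULL)
        current->refs++; /* real server: bind credentials to the session */
    return current;
}
static void session_close(struct cred_gen *g) { cred_unref(g); }

int main(void)
{
    cred_rotate(1);
    struct cred_gen *s = session_open(); /* session on the old certificate */
    cred_rotate(2);                      /* renewal arrives mid-connection */
    printf("old still held: serial %d, freed %d\n", s->serial, freed_count);
    session_close(s);                    /* last user gone: old one freed */
    return freed_count == 1 ? 0 : 1;
}
```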