Reload of key/truststore when re-establishing a connection #3074
Labels
appenders: Affects one or more Appender plugins
configuration: Affects the configuration system in a general way
enhancement: Additions or updates to features
#2767 introduces functionality to enable reloading the key/truststore when the certs are renewed. However, a manual step of triggering a reconfiguration (e.g. by touching the config file) is needed for the key/truststore to be reloaded. While this is a big improvement on having no reload, it is still not ideal to have to trigger a reconfiguration.
The cert renewal has no impact on existing established connections (as the handshake is done when the connection is established), so there is no need for the key/truststore to be reloaded for existing connections to continue working.
However, when an error occurs in writing to the socket, a retry is attempted, which includes the creation of a new socket and connection. Using a no longer valid cert here will prohibit the connection being re-established. If, during the retry, the key/truststore are reloaded, then the latest certs would always be used in re-establishing the connection, which would effectively remove the need to trigger the reconfiguration.
Is this something the community would be open to accepting a PR on? If so, I can work on it and submit it.
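The retry-time reload proposed above, sketched as an added example with plain JDK APIs; it is not Log4j's code or the issue author's, and the class `ReloadingTlsConnector` and its parameters are hypothetical. It assumes the key password equals the keystore password and that both stores share one type.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.*;

/** Hypothetical helper: re-reads key/trust stores from disk for every new connection. */
public final class ReloadingTlsConnector {
    private final Path keyStorePath, trustStorePath;
    private final char[] keyStorePassword, trustStorePassword;
    private final String storeType; // e.g. "PKCS12" or "JKS"

    public ReloadingTlsConnector(Path keyStorePath, char[] keyStorePassword,
                                 Path trustStorePath, char[] trustStorePassword, String storeType) {
        this.keyStorePath = keyStorePath;
        this.keyStorePassword = keyStorePassword.clone();
        this.trustStorePath = trustStorePath;
        this.trustStorePassword = trustStorePassword.clone();
        this.storeType = storeType;
    }

    private KeyStore load(Path path, char[] password) throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance(storeType);
        try (InputStream in = Files.newInputStream(path)) {
            store.load(in, password); // throws if the file is half-written during renewal
        }
        return store;
    }

    /** Call on the first connect and on every retry after a write failure. */
    public SSLSocket connect(String host, int port) throws IOException, GeneralSecurityException {
        // A fresh SSLContext per attempt means renewed certs are picked up with no reconfiguration.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath, keyStorePassword), keyStorePassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, trustStorePassword));
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(host, port);
        try {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // keep hostname verification on
            socket.setSSLParameters(params);
            socket.startHandshake(); // fail here, not on the first write, if the cert is rejected
            return socket;
        } catch (IOException e) {
            socket.close(); // do not leak the socket; the caller's retry loop will call connect() again
            throw e;
        }
    }
}
```

A load or handshake failure propagates to the caller instead of falling back to a previously cached context, so an expired or partially written store shows up as a failed retry rather than a silent reuse of stale material.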