From ad9a78dfc39543ce3641fb3245bfb92aff5e05c9 Mon Sep 17 00:00:00 2001 From: Roger Light Date: Mon, 25 Jan 2021 23:09:03 +0000 Subject: [PATCH] Note in the man pages that SIGHUP reloads TLS certificates. Closes #2037. Thanks to Greg Troxel. --- ChangeLog.txt | 1 + man/mosquitto.8.xml | 2 ++ man/mosquitto.conf.5.xml | 12 ++++++++++++ 3 files changed, 15 insertions(+) diff --git a/ChangeLog.txt b/ChangeLog.txt index 402fc43dc7..efdbc9fff2 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -14,6 +14,7 @@ Broker: a message with empty topic and topic alias set, but the topic alias hadn't already been configured on the broker. This has been fixed to send a protocol error, as per section 3.3.4 of the specification. +- Note in the man pages that SIGHUP reloads TLS certificates. Closes #2037. Apps: - Allow command line arguments to override config file options in diff --git a/man/mosquitto.8.xml b/man/mosquitto.8.xml index e00bdd6d07..fe2b2d9d39 100644 --- a/man/mosquitto.8.xml +++ b/man/mosquitto.8.xml @@ -431,6 +431,8 @@ be reloaded without restarting. See mosquitto.conf5 for details. + If TLS certificates are in use, then mosquitto will + also reload certificate on receiving a SIGHUP. diff --git a/man/mosquitto.conf.5.xml b/man/mosquitto.conf.5.xml index 6ea2b10fb7..cd76cd5f9c 100644 --- a/man/mosquitto.conf.5.xml +++ b/man/mosquitto.conf.5.xml @@ -1275,6 +1275,12 @@ log_timestamp_format %Y-%m-%dT%H:%M:%S option and must be present to enable certificate based TLS encryption. + + The certificate pointed to by this option will be + reloaded when Mosquitto receives a SIGHUP signal. + This can be used to load new certificates prior to + the existing ones expiring. + @@ -1328,6 +1334,12 @@ openssl dhparam -out dhparam.pem 2048 option and must be present to enable certificate based TLS encryption. + + The private key pointed to by this option will be + reloaded when Mosquitto receives a SIGHUP signal. + This can be used to load new keys prior to + the existing ones expiring. +