New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
killall -HUP disconnects clients when using use_identity_as_username true #1402
Comments
Thank you! Are you able to test against the current |
Thanks for the very quick response! :-) I've tried it out to the the extent that I can say:
However, I haven't tested things like whether it is kicking off clients whose credentials are no longer satisfactory after the config reload via HUP. Can you think of a simple way for me to test that? Otherwise, I'll leave that with you. |
Side note: It seems to me that having up-to-date CRL information would align with the intent of the checks that check that client auth crendentials are still applicable. Would it make sense / be practically possible to reload the CRL as part of the config reload on HUP procedure? So to summarise my suggestion: I suppose I should raise a separate issue for that, but just want to check with you first regarding how that fits in with the intent of the current reload-config-on-HUP code, and also w.r.t. #35. |
Closes #1402. Thanks to twegener-embertec.
When sending the HUP signal to mosquitto (for the purpose of log file close/reopen for logrotate), I found that clients using username/password auth remained connected (good), whereas clients of listener using require_certificate / use_identity_as_username were disconnected (bad).
I'm raising this as a separate issue to #657, as I suspect that this is a different special case.
I'm wondering whether the auth checks on reload are not working for the use_identity_as_username case because they may be expecting password to be present when in fact it is not applicable, say.
This is with 1.6.4-0mosquitto1~xenial1 from the mosquitto PPA.
The text was updated successfully, but these errors were encountered: