killall -HUP disconnects clients when using use_identity_as_username true #1402
Comments
|
Thank you! Are you able to test against the current |
|
Thanks for the very quick response! :-) I've tried it out to the the extent that I can say:
However, I haven't tested things like whether it is kicking off clients whose credentials are no longer satisfactory after the config reload via HUP. Can you think of a simple way for me to test that? Otherwise, I'll leave that with you. |
|
Side note: It seems to me that having up-to-date CRL information would align with the intent of the checks that check that client auth crendentials are still applicable. Would it make sense / be practically possible to reload the CRL as part of the config reload on HUP procedure? So to summarise my suggestion: I suppose I should raise a separate issue for that, but just want to check with you first regarding how that fits in with the intent of the current reload-config-on-HUP code, and also w.r.t. #35. |
Closes #1402. Thanks to twegener-embertec.
When sending the HUP signal to mosquitto (for the purpose of log file close/reopen for logrotate), I found that clients using username/password auth remained connected (good), whereas clients of listener using require_certificate / use_identity_as_username were disconnected (bad).
I'm raising this as a separate issue to #657, as I suspect that this is a different special case.
I'm wondering whether the auth checks on reload are not working for the use_identity_as_username case because they may be expecting password to be present when in fact it is not applicable, say.
This is with 1.6.4-0mosquitto1~xenial1 from the mosquitto PPA.
The text was updated successfully, but these errors were encountered: