On Mon, 13 Nov 2006, Rami Michael wrote:
My stunnel setup is working fine; I've got MySQL being hit from a couple of boxes, but my question is this... I have stunnel set up so that I copy the cert created on the remote client over to the local server, so remote connections are authenticated. Now that works fine and dandy. The issue is, if I am adding a new remote client, I add the cert from the client to my certs.pem locally, but I need to restart the stunnel process before stunnel will "read in" the new cert. I know this does not sound like a big deal, but if I have 20 machines connected through stunnel to this local box and I need to restart stunnel whenever I need to add a new box or take off an old one, I don't think it's good.
I use stunnel for MySQL, so I've got these guys doing inserts, and a broken connection would really mess things up for me... I think maybe there is a flag I can set? Or maybe send the process some type of command to reload the certs?
What you want is to use the CApath = directory to verify your client certificates.
Check the Global Options section of the manpage.
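To illustrate the suggestion above, here is an added helper script (not from either poster) that populates a CApath directory the way OpenSSL expects it, with each client cert stored under its subject hash plus a collision suffix, so a cert dropped into or removed from the directory takes effect on the next connection without restarting stunnel. It assumes the openssl CLI is installed; the directory name and the `verify = 3` stunnel 4 option style are my assumptions.

```shell
#!/bin/sh
# Added example: manage a stunnel CApath directory of client certificates.
# Assumption: openssl CLI available; CAPATH is a hypothetical location.
set -eu

CAPATH="${CAPATH:-/etc/stunnel/clients}"

# OpenSSL's CApath lookup expects files named <subject-hash>.<n>, where n
# distinguishes certs whose subjects hash to the same value. Return the
# file name to use for a PEM cert, reusing the slot if it is already present.
capath_link_name() {
    cert="$1"; dir="$2"
    hash=$(openssl x509 -in "$cert" -noout -hash)
    n=0
    while [ -e "$dir/$hash.$n" ]; do
        if cmp -s "$cert" "$dir/$hash.$n"; then break; fi
        n=$((n + 1))
    done
    echo "$hash.$n"
}

# Install one client cert into CApath (copy, not symlink, so the source can
# be removed later). Idempotent: re-adding the same cert returns the same path.
add_client_cert() {
    cert="$1"; dir="${2:-$CAPATH}"
    mkdir -p "$dir"
    name=$(capath_link_name "$cert" "$dir")
    cp "$cert" "$dir/$name"
    echo "$dir/$name"
}

# Revoke a client by deleting its file; no stunnel restart is needed because
# the directory is consulted at verification time, not at startup.
remove_client_cert() {
    cert="$1"; dir="${2:-$CAPATH}"
    rm -f "$dir/$(capath_link_name "$cert" "$dir")"
}

# Emit a stunnel 4 style service block that verifies peers against CApath.
# Note: with chroot set, CApath is resolved inside the chroot.
write_stunnel_conf() {
    dir="${1:-$CAPATH}"
    printf '%s\n' 'cert = /etc/stunnel/server.pem' \
        "CApath = $dir" 'verify = 3' '' '[mysql]' \
        'accept = 3307' 'connect = 127.0.0.1:3306'
}
```

Run `add_client_cert client.pem` for each new box and `remove_client_cert client.pem` to drop one; `c_rehash` from OpenSSL does the same hashing if you prefer to copy files in by hand.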