kore

a fork of the world's most advanced web framework

commit 2b3119d0e207046d5f92cdfd88e5bab0f2ffd843
parent 6cf3b3c0dcdf27840fe1994632e1ee8d021d1468
Author: Joris Vink <joris@coders.se>
Date:   Wed, 11 Jul 2018 11:53:56 +0200

add overview of how the keymgr works

Diffstat:
M src/keymgr.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+), 0 deletions(-)

diff --git a/src/keymgr.c b/src/keymgr.c @@ -14,6 +14,23 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* + * The kore keymgr process is responsible for managing certificates + * and their matching private keys. + * + * It is the only process in Kore that holds the private keys (the workers + * do not have a copy of them in memory). + * + * When a worker requires the private key for signing it will send a message + * to the keymgr with the to-be-signed data (KORE_MSG_KEYMGR_REQ). The keymgr + * will perform the signing and respond with a KORE_MSG_KEYMGR_RESP message. + * + * The keymgr can transparently reload the private keys and certificates + * for a configured domain when it receives a SIGUSR1. It it reloads them + * it will send the newly loaded certificate chains to the worker processes + * which will update their TLS contexts accordingly. + */ + #include <sys/types.h> #include <sys/stat.h>
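
Review bot: In the last paragraph of the new comment, "It it reloads them" is a typo and should read "If it reloads them". The same paragraph says the keymgr reloads keys and certificates "for a configured domain" on SIGUSR1, which leaves it unclear whether one signal reloads a single domain or every configured domain; stating that explicitly would help anyone relying on this overview. Since the comment's main security point is that workers never hold the private keys, it would also be worth noting that the reload path sends only certificate chains to the workers, so the reader does not have to infer that keys stay in the keymgr after a reload.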