Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
killall -HUP disconnects clients when using use_identity_as_username true #1402
When sending the HUP signal to mosquitto (for the purpose of log file close/reopen for logrotate), I found that clients using username/password auth remained connected (good), whereas clients of listener using require_certificate / use_identity_as_username were disconnected (bad).
I'm raising this as a separate issue to #657, as I suspect that this is a different special case.
I'm wondering whether the auth checks on reload are not working for the use_identity_as_username case because they may be expecting password to be present when in fact it is not applicable, say.
This is with 1.6.4-0mosquitto1~xenial1 from the mosquitto PPA.
Thanks for the very quick response! :-)
I've tried it out to the the extent that I can say:
However, I haven't tested things like whether it is kicking off clients whose credentials are no longer satisfactory after the config reload via HUP. Can you think of a simple way for me to test that? Otherwise, I'll leave that with you.
Side note: It seems to me that having up-to-date CRL information would align with the intent of the checks that check that client auth crendentials are still applicable. Would it make sense / be practically possible to reload the CRL as part of the config reload on HUP procedure?
So to summarise my suggestion:
I suppose I should raise a separate issue for that, but just want to check with you first regarding how that fits in with the intent of the current reload-config-on-HUP code, and also w.r.t. #35.