replacing a certificate cannot work correctly

[Geal]

certificates and their related information are stored in two parts:

• a hashmap fingerprint -> certificate (and other info): https://github.com/sozu-proxy/sozu/blob/master/lib/src/network/tls.rs#L353
• a trie domain name -> fingerprint (to lookup the certificate from SNI usage): https://github.com/sozu-proxy/sozu/blob/master/lib/src/network/tls.rs#L351

Currently, if we remove the old certificate then add the new one, there's a gap during which TLS connections with those certificates won't work.
If we add the new certificate then remove the old one, then the adding part would replace the fingerprint in the trie with the new one, and the removing part would remove the new fingerprint from the trie (for all the domain names handled by the old certificate): https://github.com/sozu-proxy/sozu/blob/master/lib/src/network/tls.rs#L718-L720

proposal: store a Vec<CertFingerprint> as value in the trie. That way, when we add or remove, we edit the related vector. If we look up a name and the resulting vec has multiple entries, just take the first one, since it means the certificate is still valid.

[NotBad4U]

A good way can be to add a new command replaceCertificate.

• Add new endpoint to cli
• Add the catch of this Order here
• Send the command to the workers and manage it here
• You'll add a new method replace to the trie.rs

[Geal]

for the trie, this will be a normal remove and and add, because the old certificate and the new certificate might not have the same set of DNS names

[Geal]

Fixed by 6dd6f6d