Details
- Bug
- Resolution: Won't Fix
- Major
- None
- Cheshire-Cat
- None
- Triaged
- 1
- Unknown
Description
Currently the filename for the certificate to use for TLS is specified for each of the interfaces in memcached.json so you could in theory have a unique certificate on each of the individual ports you're listening to.
All of the interfaces may be modified dynamically and this adds extra complexity in order to synchronize the internal "cache" of the SSL object used inside memcached to avoid reading and parsing all of the keys every time we connect to the system.
Given that we only use a SINGLE pair of private key and certificate chain the configuration should be moved off the interface definition and into a new toplevel entry:
"tls" : { "private_key": "/path/to/key", "certificate_chain":"/path/to/certificate" }
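An added example, not part of the original ticket or the project's code: a sketch of how a configuration could be rewritten into the proposed toplevel "tls" entry, refusing to do so when interfaces name different key/certificate pairs. The per-interface "ssl" object with "key" and "cert" fields, the per-interface "tls": true marker, the ports and the paths are assumptions made for illustration.

```python
import copy

# Constructed sample. The per-interface "ssl": {"key", "cert"} layout, ports and
# paths are assumptions for illustration, not copied from a real memcached.json.
SAMPLE = {
    "interfaces": [
        {"port": 11210, "host": "*"},
        {"port": 11207, "host": "*",
         "ssl": {"key": "/path/to/key", "cert": "/path/to/certificate"}},
        {"port": 11206, "host": "*",
         "ssl": {"key": "/path/to/key", "cert": "/path/to/certificate"}},
    ]
}


def hoist_tls(config, ssl_field="ssl", key_field="key", cert_field="cert"):
    """Return a copy of config with the single key/cert pair moved to a toplevel "tls" entry.

    Raises ValueError if an interface has an incomplete pair, or if two
    interfaces reference different pairs (a single toplevel entry cannot
    represent that, so silently picking one would change which certificate
    a port presents).
    """
    out = copy.deepcopy(config)  # never mutate the caller's configuration
    pairs = {}                   # (key, cert) -> ports that use the pair
    for iface in out.get("interfaces", []):
        ssl = iface.pop(ssl_field, None)
        if ssl is None:
            continue             # plain-text interface, nothing to move
        key, cert = ssl.get(key_field), ssl.get(cert_field)
        if not key or not cert:
            raise ValueError(f"port {iface.get('port')}: incomplete key/cert pair")
        pairs.setdefault((key, cert), []).append(iface.get("port"))
        iface["tls"] = True      # hypothetical marker: the port still speaks TLS
    if len(pairs) > 1:
        raise ValueError(f"interfaces use different key/cert pairs: {pairs}")
    for key, cert in pairs:      # zero or one iteration at this point
        out["tls"] = {"private_key": key, "certificate_chain": cert}
    return out


if __name__ == "__main__":
    import json
    print(json.dumps(hoist_tls(SAMPLE), indent=2))
```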