add overview of how the keymgr works - kore - Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.

commit 2b3119d0e207046d5f92cdfd88e5bab0f2ffd843
parent 6cf3b3c0dcdf27840fe1994632e1ee8d021d1468
Author: Joris Vink <joris@coders.se>
Date:   Wed, 11 Jul 2018 11:53:56 +0200

add overview of how the keymgr works

Diffstat:
src/keymgr.c  | 17 +++++++++++++++++

1 file changed, 17 insertions(+), 0 deletions(-)
diff --git a/src/keymgr.c b/src/keymgr.c
@@ -14,6 +14,23 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+/*
+ * The kore keymgr process is responsible for managing certificates
+ * and their matching private keys.
+ *
+ * It is the only process in Kore that holds the private keys (the workers
+ * do not have a copy of them in memory).
+ *
+ * When a worker requires the private key for signing it will send a message
+ * to the keymgr with the to-be-signed data (KORE_MSG_KEYMGR_REQ). The keymgr
+ * will perform the signing and respond with a KORE_MSG_KEYMGR_RESP message.
+ *
+ * The keymgr can transparently reload the private keys and certificates
+ * for a configured domain when it receives a SIGUSR1. It it reloads them
+ * it will send the newly loaded certificate chains to the worker processes
+ * which will update their TLS contexts accordingly.
+ */
+
 #include <sys/types.h>
 #include <sys/stat.h>

	kore Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.
	Commits \| Files \| Refs \| README \| LICENSE \| git clone https://git.kore.io/kore.git