Implement automatic reload of TLS certificates after a crash #4658
Description
If you are submitting a reproducible bug report, please provide:
- A clear description of the issue
ProxySQL_create_or_load_TLS() is called by proxysql during the initial bootstrap, and certificates are stored in memory.
When the process forks, the child process will inherit the certificates stored in memory.
Any call to PROXYSQL RELOAD TLS will load new certificates on the child process, but not on the parent process.
Thus, after a crash, when restarting the child will inherit the original certificates.
- ProxySQL version
All up to latest (2.7.0)
- OS version
Any
- The steps to reproduce the issue
- start proxysql in background
- generate and load new TLS certificates with
PROXYSQL RELOAD TLS - crash it (kill it with
-6or-9) - proxysql should now have the old certificates loaded
- Possible solution
In case of crash, call ProxySQL_create_or_load_TLS() in ProxySQL_daemonize_phase3() .
Unrelated enhancement in a relevant code path:
call_execute_on_exit_failure() can report an info message during a crash, suggesting the use of execute_on_exit_failure is not present.