reqwest icon indicating copy to clipboard operation
reqwest copied to clipboard

Published 20 hours ago verified publisher icon seanmonstar

Connection pool behavior on expiring certificates

Open telcy opened this issue 2 years ago • 1 comments

I am using an async client (connection pool) and sending a request every x minutes. The third party API SSL certificate was valid when the application started and expired some days later (a new SSL certificate does exist).

error sending request for url (https://...): error trying to connect: error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1883: (certificate has expired)

I have received this error for approx. 2.5 hours before it started working again.

What is the current behavior for pooled connections and certificates that have expired while running?

telcy avatar Oct 10 '22 16:10 telcy

That error points out it was trying to connect, so it wasn't a pooled connection. If you're using the default TLS, it's just using openssl's defaults, in case it caches certificates.

seanmonstar avatar Oct 10 '22 19:10 seanmonstar