an-tao · an-tao · Sep 10, 2024 · Sep 9, 2024 · Sep 10, 2024
diff --git a/trantor/net/TcpServer.cc b/trantor/net/TcpServer.cc
@@ -234,3 +234,23 @@ void TcpServer::enableSSL(
         .setValidate(caPath.empty() ? false : true);
     sslContextPtr_ = newSSLContext(*policyPtr_, true);
 }
+
+void TcpServer::reloadSSL()
+{
+    if (loop_->isInLoopThread())
+    {
+        if (policyPtr_)
+        {
+            sslContextPtr_ = newSSLContext(*policyPtr_, true);
+        }
+    }
+    else
+    {
+        loop_->queueInLoop([this]() {
+            if (policyPtr_)
+            {
+                sslContextPtr_ = newSSLContext(*policyPtr_, true);
+            }
+        });
+    }
+}
diff --git a/trantor/net/TcpServer.h b/trantor/net/TcpServer.h
@@ -260,6 +260,14 @@ class TRANTOR_EXPORT TcpServer : NonCopyable
         sslContextPtr_ = newSSLContext(*policyPtr_, true);
     }
 
+    /**
+     * @brief Reload the SSL context.
+     * @note Call this function when the certificate or private key is updated.
+     * The server will reload the SSL context and use the new certificate and
+     * private key. new connections will use the new SSL context.
+     */
+    void reloadSSL();
+
   private:
     void handleCloseInLoop(const TcpConnectionPtr &connectionPtr);
     void newConnection(int fd, const InetAddress &peer);