Reload tls_client_ca_file on SIGHUP

[user404d]

Is your feature request related to a problem? Please describe.
Reloading a TCP listener configuration will reload the included tls_cert_file and tls_key_file, but not the tls_client_ca_file.

Describe the solution you'd like
Upon reloading a TCP listener's configuration, reload the tls_client_ca_file if it is configured and enabled.

Describe alternatives you've considered
Restarting vault is an option, but it is convenient to replace certificate pieces while vault is running and allow vault to reload while still serving traffic.

Explain any additional use-cases

Additional context

[mahalrs]

@vishalnayak I will work on this

/assign @mahalrs

[mahalrs]

@vishalnayak I think we need to update TLSConfig() to use Listener.TLSClientCAFile, which means we also need to update NewCertificateGetter() and Reload() to use the TLSClientCAFile. Also, should we just ignore if tls_ca_file is not configured (meaning Listener.TLSClientCAFile is empty). Let me know if I missed anything.

[heatherezell]

@mahalrs were you able to get any progress made on this? Is there anything you need help with, or questions we can answer for you? Let us know if you're blocked.

[heatherezell]

Hi folks, it's been a while since we've heard from you regarding this issue. I'm going to go ahead and close it now, but please feel free to re-open if you need. Thanks for your understanding!

[user404d]

This isn't something mission critical for me, but I don't know why this issue was closed. Is it intentional that this part of the tls config is not reloaded along with the rest?