pub(crate) fn try_reload_tls(state: &TlsReloadState) -> Result<(), ServerError>Expand description
Rebuild the TLS acceptor from state.paths and atomically swap it in.
On any error the previous acceptor is left in place, so a bad rotation
(truncated file, expired cert) doesn’t take TLS down.