Home > mailing lists

Re: [HACKERS] [PATCH] Reload SSL certificates on SIGHUP - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: [HACKERS] [PATCH] Reload SSL certificates on SIGHUP
Date	January 4, 2017 22:37:54
Msg-id	97c1bad2-ac72-052a-0525-1d115f094f15@2ndquadrant.com Whole thread Raw
In response to	Re: [HACKERS] [PATCH] Reload SSL certificates on SIGHUP (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: [HACKERS] [PATCH] Reload SSL certificates on SIGHUP (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

On 1/4/17 10:57 AM, Tom Lane wrote:
> I still maintain that the existing solution for passphrases is useless,
> but in the interest of removing objections to the current patch, I'll
> go make that happen.

Sounds good.

Looking around briefly (e.g., Apache, nginx), the standard approach
appears to be a configuration setting that gets the password from an
external program or file.  (Although the default still appears to be to
get from tty.)

systemd has support for getting passwords to services without tty.

So if someone is interested, there is some room for enhancement here.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

pgsql-hackers by date:

From: Fabien COELHO
Date: 04 January 2017, 22:30:27
Subject: Re: [HACKERS] proposal: session server side variables

From: Stephen Frost
Date: 04 January 2017, 22:49:58
Subject: Re: [HACKERS] [PATCH] Reload SSL certificates on SIGHUP

Re: [HACKERS] [PATCH] Reload SSL certificates on SIGHUP - Mailing list pgsql-hackers

Previous

Next