Home > mailing lists

Re: re-reading SSL certificates during server reload - Mailing list pgsql-hackers

From	Magnus Hagander
Subject	Re: re-reading SSL certificates during server reload
Date	August 28, 2014 15:29:37
Msg-id	CABUevExASroqr+un2hw+=zfXpKwTQu3Kt-HLU-bzrQo-zBn07Q@mail.gmail.com Whole thread Raw
In response to	Re: re-reading SSL certificates during server reload (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: re-reading SSL certificates during server reload
List	pgsql-hackers

Tree view

On Thu, Aug 28, 2014 at 3:20 AM, Robert Haas <robertmhaas@gmail.com> wrote:
> On Wed, Aug 27, 2014 at 6:40 AM, Magnus Hagander <magnus@hagander.net> wrote:
>> On Wed, Aug 27, 2014 at 11:56 AM, Alexey Klyukin <alexk@hintbits.com> wrote:
>>> Greetings,
>>>
>>> Is there a strong reason to disallow reloading server key and cert files
>>> during the PostgreSQL reload?
>>
>> Key and cert files are loaded in the postmaster. We'd need to change
>> that.
>
> Why?

Hmm. That's actually a good point. Not sure I have an excuse. They
could certainly be made BACKEND without that, and there's no way to
change it within a running backend *anyway*, since we cannot turn
on/off SSL once a connection has been made. So yeah, it can actually
still be loaded in postmaster, and I withdraw that argument :)

-- Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/

pgsql-hackers by date:

From: Pavan Deolasee
Date: 28 August 2014, 15:29:32
Subject: Re: Is this code safe?

From: Pavel Stehule
Date: 28 August 2014, 15:35:35
Subject: Re: [Fwd: Re: proposal: new long psql parameter --on-error-stop]

Re: re-reading SSL certificates during server reload - Mailing list pgsql-hackers

Previous

Next