From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Alexey Klyukin <alexk(at)hintbits(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: re-reading SSL certificates during server reload |
Date: | 2014-08-28 12:29:29 |
Message-ID: | CABUevExASroqr+un2hw+=zfXpKwTQu3Kt-HLU-bzrQo-zBn07Q@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, Aug 28, 2014 at 3:20 AM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Wed, Aug 27, 2014 at 6:40 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>> On Wed, Aug 27, 2014 at 11:56 AM, Alexey Klyukin <alexk(at)hintbits(dot)com> wrote:
>>> Greetings,
>>>
>>> Is there a strong reason to disallow reloading server key and cert files
>>> during the PostgreSQL reload?
>>
>> Key and cert files are loaded in the postmaster. We'd need to change
>> that.
>
> Why?
Hmm. That's actually a good point. Not sure I have an excuse. They
could certainly be made BACKEND without that, and there's no way to
change it within a running backend *anyway*, since we cannot turn
on/off SSL once a connection has been made. So yeah, it can actually
still be loaded in postmaster, and I withdraw that argument :)
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
From | Date | Subject | |
---|---|---|---|
Next Message | Pavel Stehule | 2014-08-28 12:34:42 | Re: [Fwd: Re: proposal: new long psql parameter --on-error-stop] |
Previous Message | Pavan Deolasee | 2014-08-28 12:29:07 | Re: Is this code safe? |