| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com>, pgsql-docs <pgsql-docs(at)postgreSQL(dot)org> |
| Subject: | Re: Passphrase protected SSL key and reloads |
| Date: | 2019-04-24 18:58:27 |
| Message-ID: | 013a21e7-75aa-2a68-1747-d13fa6246625@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
On 2019-04-24 13:22, Joe Conway wrote:
>> "Using a passphrase also disables the ability to change the server's
>> SSL configuration without a server restart."
>>
>> But as of pg11 we have ssl_passphrase_command_supports_reload, which as
>> I understand it should allow this if the passphrase command is not
>> interactive. Per
>> https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-PASSPHRASE-COMMAND-SUPPORTS-RELOAD
>>
>> "Setting this parameter to true might be appropriate if the passphrase
>> is obtained from a file, for example."
>>
>> Am I misunderstanding, or was the former quote missed when updating the
>> docs for pg11?
Right, that should be amended. I suspect the next sentence
Furthermore, passphrase-protected private keys cannot be used at all
on Windows.
is also related to this. Can someone comment on this?
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2019-04-24 19:23:19 | Re: SET ROLE documentation not entirely correct |
| Previous Message | Awad Mackie | 2019-04-24 11:23:27 | Re: REFRESH MATERIALIZED VIEW CONCURRENTLY interaction with ORDER BY |