| From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
|---|---|
| To: | Andrej Podzimek <andrej(at)podzimek(dot)org> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Automatic CRL reload |
| Date: | 2008-12-27 14:10:17 |
| Message-ID: | 20081227141017.GB3847@alvh.no-ip.org |
| Lists: | pgsql-general |

Andrej Podzimek wrote:
> "The files server.key, server.crt, root.crt, and root.crl are only
> examined during server start; so you must restart the server for
> changes in them to take effect."
> (http://www.postgresql.org/docs/8.3/static/ssl-tcp.html)
>
> This is perfectly fine for server.key, server.crt and root.crt. These
> files change quite rarely. However, root.crl usually changes once a
> month (which is the default in OpenSSL) or even more often when
> necessary.

I think the right solution here is to reload the CRL file on SIGHUP
(reload). Whoever changes the CRL file should send a signal.
I've had that on my TODO list for a while.

--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.