Re: re-reading SSL certificates during server reload

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Alexey Klyukin <alexk(at)hintbits(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: re-reading SSL certificates during server reload
Date: 2014-08-27 12:34:25
Message-ID: 20140827123425.GC16422@tamriel.snowman.net
Lists: pgsql-hackers

* Magnus Hagander (magnus(at)hagander(dot)net) wrote:
> That's certainly an issue. Potentially bigger ones are that you cannot
> replace an expired certificate or CRL without a restart.

+100. I had forgotten about that issue- but it definitely sucks. :(

> Some of this is going to have to be at least partially reworked anyway
> in the work that Heikki has been doing to support non-openssl
> libraries. Making a change like this at the same time is probably a
> good idea.

Agreed.

Thanks,

Stephen
