| From: | Andres Freund <andres(at)2ndquadrant(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Alexey Klyukin <alexk(at)hintbits(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: re-reading SSL certificates during server reload |
| Date: | 2014-08-28 14:14:54 |
| Message-ID: | 20140828141454.GD25984@awork2.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2014-08-28 10:12:19 -0400, Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
> > On Thu, Aug 28, 2014 at 4:05 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> >> Why would they need to be BACKEND, as opposed to just PGC_SIGHUP?
>
> > I just thought semantically - because they do not change in a running
> > backend. Any running backend will continue with encryption set up
> > based on the old certificate.
>
> Hm. Yeah, I guess there is some use in holding onto the values that were
> actually used to initialize the current session, or at least there would
> be if we exposed the cert contents in any fashion.
Won't that allow the option to be specified at connection start by mere
mortal users? That sounds odd to me.
Greetings,
Andres Freund
--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2014-08-28 14:20:08 | Re: re-reading SSL certificates during server reload |
| Previous Message | Tom Lane | 2014-08-28 14:14:53 | Re: [COMMITTERS] pgsql: Allow units to be specified in relation option setting value. |