From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Andreas Karlsson <andreas(at)proxel(dot)se>, Magnus Hagander <magnus(at)hagander(dot)net>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Michael Banck <michael(dot)banck(at)credativ(dot)de>, Peter Geoghegan <pg(at)heroku(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [PATCH] Reload SSL certificates on SIGHUP |
Date: | 2017-01-05 16:55:16 |
Message-ID: | 5359.1483635316@sss.pgh.pa.us |
Lists: | pgsql-hackers |

Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> Of course, if there's some sort of commonly-used library out there for
> this sort of thing where we can just link against it and call whatever
> APIs it exposes, that might be a better alternative, or something to
> support in addition, but I don't really know whether there's any
> standardization in this area.

I was wondering if we could make use of ssh-agent. But it seems to want
to hold the private key itself, so that you have to communicate with it
every time you need an operation done with the key. I'm not sure what the
performance of that is like, and I am sure that the code would look a
whole lot different from the path where we hold the key locally. It might
be workable if OpenSSL already incorporates library routines for talking
to ssh-agent, but I haven't looked.

regards, tom lane