| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Andreas Karlsson <andreas(at)proxel(dot)se>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] Reload SSL certificates on SIGHUP |
| Date: | 2015-07-29 00:44:56 |
| Message-ID: | 55B82208.4090901@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 7/21/15 8:52 PM, Andreas Karlsson wrote:
> It is not enough to just add a hook to the GUCs since I would guess most
> users would expect the certificate to be reloaded if just the file has
> been replaced and no GUC was changed. To support this we would need to
> also check the mtimes of the SSL files, would that complexity really be
> worth it?
Actually, I misread your patch. I thought you only wanted to reload the
SSL files when the GUC settings change, but of course we also want to
reload them when the files are changed.
I don't have a problem with rebuilding the SSL context on every reload
cycle. We already do a lot of extra reloading every time, so a bit more
shouldn't hurt. But I'm not so sure whether we should do that in the
SIGHUP handler. I don't know how we got into the situation of doing all
the file reloads directly in the handler, but at least we can control
that code. Making a bunch of calls into an external library is a
different thing, though. Can we find a way to do this differently?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2015-07-29 00:51:05 | Re: Buildfarm TAP testing is useless as currently implemented |
| Previous Message | Qingqing Zhou | 2015-07-29 00:36:33 | Re: Planner debug views |