re-reading SSL certificates during server reload

From: Alexey Klyukin <alexk(at)hintbits(dot)com>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: re-reading SSL certificates during server reload
Date: 2014-08-27 09:56:28
Message-ID: CAAS3tyLJcv-m0CqfMrrxUjwa9_FKscKuAKT9_L41wNuJZywM2Q@mail.gmail.com
Lists: pgsql-hackers

Greetings,

Is there a strong reason to disallow reloading server key and cert files
during the PostgreSQL reload?

Basically, once you run multiple databases in a cluster and use different
DNS names to connect to different databases (in order for those databases
to be moved somewhere without changing the client code), and enable SSL
certificate checking, the problem becomes evident: in order to add a new
database to the existing cluster you have to add its name to the SSL
certificate for the server, and in order for these changes to come into
effect you have to restart the server.

In the documentation for server cert and key file there is a notice that
this parameter can only be reloaded during the server start. It seems that
the only place the backend certificates are loaded is inside the
secure_initialize, which, in turn, calls initialize_SSL().

From my point of view, I see nothing preventing separation of the
certificate reload code and SSL library initialization and calling the
former during the server reload. It might happen that with the new
certificate file that some of the existing connections will be unable to
reconnect, or, if the certificate is invalid, the server will be unable to
restart, but these are the sort of problems that also happen with reload of
pg_hba.conf as well, so these alone do not sound like a significant
showstopper.

--
Regards,
Alexey Klyukin
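The failure mode raised in the post (a bad certificate only being noticed when the server tries to start) is easy to catch before the reload is issued. The following is an added example, not code from the thread or from PostgreSQL: a POSIX shell pre-check that verifies the new server.crt/server.key pair match, that the certificate is currently valid, and that its subjectAltName covers every DNS name clients connect with, and only then hands control to `pg_ctl reload`. The file names, the `$PGDATA` layout and the example host names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not part of the pgsql-hackers thread or PostgreSQL itself):
# validate a new server certificate/key pair *before* telling the server to
# reload, so an invalid file is rejected here rather than at start-up time.
# Assumed layout (hypothetical): PEM files server.crt and server.key in $PGDATA,
# and the DNS names clients use passed as positional arguments.

# Return 0 if the certificate and the private key carry the same public key
# (compared via a SHA-256 digest of the SubjectPublicKeyInfo PEM).
cert_matches_key() {
    crt_fp=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null | openssl sha256)
    key_fp=$(openssl pkey -in "$2" -pubout 2>/dev/null | openssl sha256)
    [ -n "$crt_fp" ] && [ "$crt_fp" = "$key_fp" ]
}

# Return 0 if the certificate is inside its validity period right now.
cert_is_valid_now() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Print the DNS entries of the certificate's subjectAltName, one per line.
# Parses the -text output so it works with OpenSSL versions lacking "-ext".
cert_dns_names() {
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | sed -n '/Subject Alternative Name/{n;p;}' \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# Return 0 if every DNS name in $2.. appears in the certificate's SAN.
cert_covers_names() {
    crt=$1; shift
    names=$(cert_dns_names "$crt")
    for n in "$@"; do
        printf '%s\n' "$names" | grep -qx "$n" \
            || { echo "precheck: $n is not in subjectAltName of $crt" >&2; return 1; }
    done
    return 0
}

# Full pre-reload check: cert/key pair, validity window, SAN coverage.
precheck_ssl_files() {
    crt=$1; key=$2; shift 2
    cert_matches_key "$crt" "$key" \
        || { echo "precheck: $key does not match $crt" >&2; return 1; }
    cert_is_valid_now "$crt" \
        || { echo "precheck: $crt is expired or not yet valid" >&2; return 1; }
    cert_covers_names "$crt" "$@"
}

# Usage (assumed paths and names):
#   precheck_ssl_files "$PGDATA/server.crt" "$PGDATA/server.key" \
#       db1.example.com db2.example.com \
#   && pg_ctl -D "$PGDATA" reload
```

Run it from the same deployment step that drops the new files into `$PGDATA`; because every check is a plain exit status, the `&&` chain guarantees `pg_ctl reload` is never reached when any of them fails.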
