Re: [PATCH] Reload SSL certificates on SIGHUP

On Wed, Jan 4, 2017 at 3:47 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Magnus Hagander <magnus(at)hagander(dot)net> writes:
> > On Tue, Jan 3, 2017 at 4:54 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> >> I think probably the right thing for now is to install a do-nothing
> >> callback, so that at least we don't have the issue of the postmaster
> >> freezing at SIGHUP. If someone feels like trying to revive support
> >> of passphrase-protected server keys, that would be a perfectly fine
> >> base to build on; they'd need a callback there anyway.
>
> > Does it still support passphrase protected ones on startup, or did that
> get
> > thrown out with the bathwater?
>
> It does not; what would be the point, if the key would be lost at SIGHUP?
>

If we lost it, yes. But we could keep the old key around if it hasn't
changed, thus behave just like we did in <= 9.6.

> > I think that's definitely a separate thing
> > and there are a nontrivial number of people who would be interested in a
> > setup where they can use a passphrase to protect it initially, just not
> > reload it.
>
> If any of those number of people want to step up and design/implement
> a non-broken solution for passphrases, that'd be fine with me. But
> I would want to see something that's actually a credible solution,
> allowing the postmaster to be started as a normal daemon. And working
> on Windows.
>

Well, for all those people 9.6 worked significantly better... Because they
could reload *other* config parameters without failure.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/