| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | pgsql-docs <pgsql-docs(at)postgreSQL(dot)org>, Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Subject: | Re: Passphrase protected SSL key and reloads |
| Date: | 2019-04-24 11:22:03 |
| Message-ID: | cdecbf67-54c6-2522-2d77-abffc3209d23@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
(moved from Hackers to docs)
On 1/5/19 4:26 PM, Joe Conway wrote:
> On https://www.postgresql.org/docs/11/ssl-tcp.html it says:
>
> "Using a passphrase also disables the ability to change the server's
> SSL configuration without a server restart."
>
> But as of pg11 we have ssl_passphrase_command_supports_reload, which as
> I understand it should allow this if the passphrase command is not
> interactive. Per
> https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-PASSPHRASE-COMMAND-SUPPORTS-RELOAD
>
> "Setting this parameter to true might be appropriate if the passphrase
> is obtained from a file, for example."
>
> Am I misunderstanding, or was the former quote missed when updating the
> docs for pg11?
Since I am already thinking about pgsql-docs today -- any comment on this?
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Awad Mackie | 2019-04-24 11:23:27 | Re: REFRESH MATERIALIZED VIEW CONCURRENTLY interaction with ORDER BY |
| Previous Message | Joe Conway | 2019-04-24 11:17:08 | Re: Update section on NFS |