On Mon, Dec 22, 2025 at 07:29:10PM -0500, Tom Lane wrote: > Bruce Momjian <[email protected]> writes: > > On Wed, Nov 26, 2025 at 09:34:18AM +0000, PG Doc comments form wrote: > >> Clarify that ssl_cert_file and ssl_key_file are only read on startup -- > >> implying that the params can be changed and the files moved to the new > >> location/name without requiring a restart. Of course a restart is good to > >> validate that the params and files are configured correctly. > > > The docs say that you can only change this in postgresql.conf or on the > > command line. Changes to postgresql.conf requires pg_ctl reload or > > something similar. > > The actual problem with this change request is that it's wrong. > We've supported changing ssl_cert_file --- either the GUC value > or the file contents --- via "pg_ctl reload" or equivalent for > years now (cf. commits de41869b6, 6667d9a6d). So I don't see > anything wrong with the docs text as it stands.
I had trouble parsing his text too but I think the original poster's point was that changing these values don't affect a connected session. When the original poster says restart, I think he/she means restart the session, not the postmaster, but I am not 100% clear on that either. -- Bruce Momjian <[email protected]> https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.
