On Thu, Aug 28, 2014 at 4:05 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Magnus Hagander <mag...@hagander.net> writes: >> On Thu, Aug 28, 2014 at 3:20 AM, Robert Haas <robertmh...@gmail.com> wrote: >>> On Wed, Aug 27, 2014 at 6:40 AM, Magnus Hagander <mag...@hagander.net> >>> wrote: >>>> Key and cert files are loaded in the postmaster. We'd need to change >>>> that. > >>> Why? > >> Hmm. That's actually a good point. Not sure I have an excuse. They >> could certainly be made BACKEND without that, and there's no way to >> change it within a running backend *anyway*, since we cannot turn >> on/off SSL once a connection has been made. So yeah, it can actually >> still be loaded in postmaster, and I withdraw that argument :) > > Why would they need to be BACKEND, as opposed to just PGC_SIGHUP? > The only reason they're PGC_POSTMASTER is the lack of any code > for loading updated values, which I assume is something that's > possible with OpenSSL.
I just thought semantically - because they do not change in a running backend. Any running backend will continue with encryption set up based on the old certificate. > We could in fact wait to load them until after a backend has forked off > from the postmaster, but (1) that'd slow down session startup, and (2) > it would mean that you don't hear about broken settings at postmaster > startup. > > (BTW, what happens on Windows? I imagine we have to reload them anyway > after fork/exec on that platform ...) Yes, we already do that - secure_initialize() is called in SubPostmasterMain(). But I think reloading them in the postmaster on Unix is the better choice, yes. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
