On 2014-08-28 10:30:30 -0400, Tom Lane wrote:
> Andres Freund writes:
> > On 2014-08-28 10:20:08 -0400, Tom Lane wrote:
> >> Having said that, there's a nearby thread about inventing a "SUBACKEND"
> >> GUC category, and that's likely what we'd really want to use here, just
> >> on the grounds that
Andres Freund writes:
> On 2014-08-28 10:20:08 -0400, Tom Lane wrote:
>> Having said that, there's a nearby thread about inventing a "SUBACKEND"
>> GUC category, and that's likely what we'd really want to use here, just
>> on the grounds that superusers would know better.
> What we really want is
On 2014-08-28 10:20:08 -0400, Tom Lane wrote:
> Andres Freund writes:
> > On 2014-08-28 10:12:19 -0400, Tom Lane wrote:
> >> Hm. Yeah, I guess there is some use in holding onto the values that were
> >> actually used to initialize the current session, or at least there would
> >> be if we exposed
On Thu, Aug 28, 2014 at 4:14 PM, Andres Freund wrote:
> On 2014-08-28 10:12:19 -0400, Tom Lane wrote:
>> Magnus Hagander writes:
>> > On Thu, Aug 28, 2014 at 4:05 PM, Tom Lane wrote:
>> >> Why would they need to be BACKEND, as opposed to just PGC_SIGHUP?
>>
>> > I just thought semantically - bec
Andres Freund writes:
> On 2014-08-28 10:12:19 -0400, Tom Lane wrote:
>> Hm. Yeah, I guess there is some use in holding onto the values that were
>> actually used to initialize the current session, or at least there would
>> be if we exposed the cert contents in any fashion.
> Won't that allow t
On 2014-08-28 10:12:19 -0400, Tom Lane wrote:
> Magnus Hagander writes:
> > On Thu, Aug 28, 2014 at 4:05 PM, Tom Lane wrote:
> >> Why would they need to be BACKEND, as opposed to just PGC_SIGHUP?
>
> > I just thought semantically - because they do not change in a running
> > backend. Any running
Magnus Hagander writes:
> On Thu, Aug 28, 2014 at 4:05 PM, Tom Lane wrote:
>> Why would they need to be BACKEND, as opposed to just PGC_SIGHUP?
> I just thought semantically - because they do not change in a running
> backend. Any running backend will continue with encryption set up
> based on t
On Thu, Aug 28, 2014 at 4:05 PM, Tom Lane wrote:
> Magnus Hagander writes:
>> On Thu, Aug 28, 2014 at 3:20 AM, Robert Haas wrote:
>>> On Wed, Aug 27, 2014 at 6:40 AM, Magnus Hagander
>>> wrote:
Key and cert files are loaded in the postmaster. We'd need to change
that.
>
>>> Why?
>
>>
Magnus Hagander writes:
> On Thu, Aug 28, 2014 at 3:20 AM, Robert Haas wrote:
>> On Wed, Aug 27, 2014 at 6:40 AM, Magnus Hagander wrote:
>>> Key and cert files are loaded in the postmaster. We'd need to change
>>> that.
>> Why?
> Hmm. That's actually a good point. Not sure I have an excuse. Th
On Thu, Aug 28, 2014 at 3:20 AM, Robert Haas wrote:
> On Wed, Aug 27, 2014 at 6:40 AM, Magnus Hagander wrote:
>> On Wed, Aug 27, 2014 at 11:56 AM, Alexey Klyukin wrote:
>>> Greetings,
>>>
>>> Is there a strong reason to disallow reloading server key and cert files
>>> during the PostgreSQL reloa
On Wed, Aug 27, 2014 at 6:40 AM, Magnus Hagander wrote:
> On Wed, Aug 27, 2014 at 11:56 AM, Alexey Klyukin wrote:
>> Greetings,
>>
>> Is there a strong reason to disallow reloading server key and cert files
>> during the PostgreSQL reload?
>
> Key and cert files are loaded in the postmaster. We'd
* Magnus Hagander (mag...@hagander.net) wrote:
> That's certainly an issue. Potentially bigger ones are that you cannot
> replace an expired certificate or CRL without a restart.
+100. I had forgotten about that issue- but it definitely sucks. :(
> Some of this is going to have to be at least pa
On Wed, Aug 27, 2014 at 11:56 AM, Alexey Klyukin wrote:
> Greetings,
>
> Is there a strong reason to disallow reloading server key and cert files
> during the PostgreSQL reload?
Key and cert files are loaded in the postmaster. We'd need to change
that. I'm not saying that's not a good idea, but i
Greetings,
Is there a strong reason to disallow reloading server key and cert files
during the PostgreSQL reload?
Basically, once you run multiple databases in a cluster and use different
DNS names to connect to different databases (in order for those databases
to be moved somewhere without chang
14 matches
Mail list logo
