Re: [PATCH] Reload SSL certificates on SIGHUP

From: Andreas Karlsson <andreas(at)proxel(dot)se>
To: Peter Geoghegan <pg(at)heroku(dot)com>
Cc: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCH] Reload SSL certificates on SIGHUP
Date: 2016-09-04 14:39:10
Message-ID: 10e2fa4c-08dd-8157-aca7-6448c8663403@proxel.se
Lists: pgsql-hackers

On 08/31/2016 11:34 PM, Peter Geoghegan wrote:
> On Sun, Nov 22, 2015 at 7:29 PM, Andreas Karlsson <andreas(at)proxel(dot)se> wrote:
>> Sorry for dropping this patch, but now I have started looking at it again.
>
> Any chance of picking this up again soon, Andreas? I think it's an
> important project. I would like to review it.

I do not really have any good ideas for how to fix it for Windows, but
if anyone would like to discuss solutions I am interested in working on
this patch again.

The alternatives as I see them now:

1) Serialize the certificates, key, and CRL and write them to the
backend_var temp file and then deserialize everything in the backends.

Sounds like you would need to write some code for every SSL library to
support the serialization and deserialization, which I am not a fan of
doing just for one platform since I worry about little used code paths.
Additionally, this would mean that we write a copy of the private key to
potentially another file system than the one where the private key is
stored, which sounds like a bad idea from a security point of view.

2) Copy all the SSL related files into the data directory at SIGHUP,
before loading them. While this does not require any serialization of
certificates it still has the problem of writing private keys to disk.

3) Leave my patch as it is now. This means the postmaster will reload
certificates on SIGHUP while the backends will also load them when
spawning. This means Windows will continue to work the same as before my
patch.

Is there any other way to pass the current set of loaded certificates
and keys from the postmaster to the backends on Windows? I guess you
could use a pipe, but if so we should probably send all data on this
pipe, not just the SSL stuff.

I am leaning towards doing (3) but I know I am biased since it is less
work and I do not care much for Windows.

Andreas
