From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Andreas Karlsson <andreas(at)proxel(dot)se>, Michael Banck <michael(dot)banck(at)credativ(dot)de>, Peter Geoghegan <pg(at)heroku(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [PATCH] Reload SSL certificates on SIGHUP |
Date: | 2017-01-04 14:59:25 |
Message-ID: | 20170104145925.GN18360@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
* Magnus Hagander (magnus(at)hagander(dot)net) wrote:
> On Wed, Jan 4, 2017 at 3:47 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > Magnus Hagander <magnus(at)hagander(dot)net> writes:
> > > On Tue, Jan 3, 2017 at 4:54 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > >> I think probably the right thing for now is to install a do-nothing
> > >> callback, so that at least we don't have the issue of the postmaster
> > >> freezing at SIGHUP. If someone feels like trying to revive support
> > >> of passphrase-protected server keys, that would be a perfectly fine
> > >> base to build on; they'd need a callback there anyway.
> >
> > > Does it still support passphrase protected ones on startup, or did that
> > get
> > > thrown out with the bathwater?
> >
> > It does not; what would be the point, if the key would be lost at SIGHUP?
>
> If we lost it, yes. But we could keep the old key around if it hasn't
> changed, thus behave just like we did in <= 9.6.
Either that, or throw the same warning that we can't reload the SSL
bits if we had to ask for a passphrase at startup, again like how it
worked in 9.6.
> > > I think that's definitely a separate thing
> > > and there are a nontrivial number of people who would be interested in a
> > > setup where they can use a passphrase to protect it initially, just not
> > > reload it.
> >
> > If any of those number of people want to step up and design/implement
> > a non-broken solution for passphrases, that'd be fine with me. But
> > I would want to see something that's actually a credible solution,
> > allowing the postmaster to be started as a normal daemon. And working
> > on Windows.
>
> Well, for all those people 9.6 worked significantly better... Because they
> could reload *other* config parameters without failure.
Indeed, this is important functionality that people are using. I don't
agree with simply removing it because we want to make these options able
to be changed on a reload, that's not a good trade-off.
Thanks!
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Andreas Karlsson | 2017-01-04 15:01:22 | Re: [PATCH] Reload SSL certificates on SIGHUP |
Previous Message | Tom Lane | 2017-01-04 14:55:25 | Re: [PATCH] Rename pg_switch_xlog to pg_switch_wal |