Re: Rotate SSL certificates on reload (SIGHUP) without restart

From: Tatsuo Ishii <ishii(at)postgresql(dot)org>
To: bob(dot)ross(dot)19821(at)gmail(dot)com
Cc: pgpool-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Rotate SSL certificates on reload (SIGHUP) without restart
Date: 2026-04-01 09:05:42
Message-ID: 20260401.180542.2251969369195681939.ishii@postgresql.org
Lists: pgpool-hackers

Hi Bob,

> Hi Tatsuo,
>
> Thanks for double-checking! Please feel free to go ahead and write the
> regression tests if you're up for it. I'd really appreciate the help.

I have written the first version of the regression test. This test
performs:

1. Set a bad value (the fixed string "bad_value") to a config param and
restart pgpool so that the SSL connection is not established between
client and pgpool.

2. Set a good value to the config and reload pgpool so that the SSL
connection is established.

The test is run against:

- ssl_cert
- ssl_ciphers
- ssl_crl_file
- ssl_ecdh_curve
- ssl_key

It does not test ssl_ca_cert and ssl_ca_cert_dir because the test is
based on 023.ssl_connection which does not check cert auth. Should we
test cert auth as well?

Also, this does not test the following:

- ssl_dh_params_file
  If a bad value is set to the parameter, it falls back to a builtin
  value. So it is not possible to set a bad value to the parameter.
  Do you have an idea how to test this?

- ssl_passphrase_command
  Our cert does not require a passphrase.

- ssl_prefer_server_ciphers
  This only affects server side (backend) ciphers. The test only tests
  the SSL connection between client and pgpool.

Attached is the v1 patch including your patch (I have removed "-----"
from your commit message. Otherwise the commit message cuts in the
middle) and the test script.
What do you think?

Regards,
--
Tatsuo Ishii
SRA OSS K.K.
English: http://www.sraoss.co.jp/index_en/
Japanese:http://www.sraoss.co.jp

Attachment Content-Type Size
v1-0001-Feature-reload-SSL-certificates-on-SIGHUP-without.patch application/octet-stream 24.3 KB
