| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | Andreas Karlsson <andreas(at)proxel(dot)se>, Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Michael Banck <michael(dot)banck(at)credativ(dot)de>, Peter Geoghegan <pg(at)heroku(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] Reload SSL certificates on SIGHUP |
| Date: | 2017-01-04 15:57:20 |
| Message-ID: | 23703.1483545440@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> writes:
> On 1/4/17 10:26 AM, Tom Lane wrote:
>> How will you know whether there's a pass phrase?
> One could register a password callback that remembers whether it was called.
Hmm ... actually, we don't even need to work that hard. If we simply
use the callback that's there now, but only during reloads not server
start, then we get the desired behavior. Reloads will fail because
the wrong passphrase was returned by the callback, and we'll keep the
current SSL state. It would probably be worth tweaking things to minimize
the amount of log spam that you get from that; but it would work, for
values of "work" similar to what was there before.
I still maintain that the existing solution for passphrases is useless,
but in the interest of removing objections to the current patch, I'll
go make that happen.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dilip Kumar | 2017-01-04 15:57:30 | Re: Proposal : Parallel Merge Join |
| Previous Message | Merlin Moncure | 2017-01-04 15:49:23 | Re: merging some features from plpgsql2 project |