Re: [PATCH] Reload SSL certificates on SIGHUP

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andreas Karlsson <andreas(at)proxel(dot)se>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCH] Reload SSL certificates on SIGHUP
Date: 2015-08-26 01:57:51
Message-ID: 28784.1440554271@sss.pgh.pa.us
Lists: pgsql-hackers

[ moving this discussion back to the patch thread ]

Andreas Karlsson <andreas(at)proxel(dot)se> writes:
> On 08/25/2015 09:39 AM, Michael Paquier wrote:
>> -- Reload SSL certificates on SIGHUP: returned with feedback? I think
>> that this patch needs more work to be in a committable state.

> Maybe I am being dense here, but I do not feel like I have gotten any
> clear feedback which gives me a way forward with the patch. I do not
> really see what more I can do here other than resubmit it to the next CF
> which I feel would be poor etiquette by me.

I think we pretty much rejected Peter's concern about doing the work
in the SIGHUP handler. There's been some other discussion about
refactoring the postmaster to not do all its work in signal handlers,
but that is material for a different patch. Absent hard evidence that
reloading SSL config in the handler actually fails, I don't think we
should ask this patch to do a half-baked job of refactoring that.

However ... a concern I've got is that there's a difference between how
the Unix and Windows builds work, and this patch will move that from a
back-burner issue to a significant concern. Namely, that on Unix we load
the SSL data once and that's what you use, while on Windows (or any
EXEC_BACKEND build) what you're going to get is whatever is in the files
right now when a connection starts, whether it's good or bad. What this
patch does, unless I missed something, is to persuade the Unix ports to
implement "reload SSL data at SIGHUP", which is good; but the Windows
behavior stays where it is.

It didn't matter so much as long as changing the SSL config files wasn't
considered a supported operation; but if that is supported, then people
are going to complain.

Is it unreasonable of me to ask for the Windows behavior to be fixed at
the same time? I dunno. It's perhaps less broken than the Unix behavior,
but that doesn't make it desirable. OTOH it might be a significantly
larger patch, and I confess I'm not even too sure what we'd have to do.

So I think the way to move this forward is to investigate how to hold
the SSL config constant until SIGHUP in an EXEC_BACKEND build. If we
find out that that's unreasonably difficult, maybe we'll decide that
we can live without it; but I'd like to see the question investigated
rather than ignored.

regards, tom lane
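The Unix-versus-EXEC_BACKEND difference described in the message above, as an added illustration constructed for this page (not PostgreSQL code and not the patch under discussion). "Loading" a file is modelled by a structural PEM check standing in for the OpenSSL file loaders, so the example runs without real key material; the class and function names are hypothetical, and the rule that a failed reload keeps the last good snapshot is an assumption of the model, not something the thread states the patch does. The scenario replaces the certificate non-atomically while both servers run and records what a new connection would be handed at each step.

```python
"""Constructed model of the two SSL-config loading behaviours from the message
above; illustrative code, not PostgreSQL's.  "Loading" a file is modelled as a
structural PEM check so the example runs without real key material."""
import os
import shutil
import tempfile

PEM_CERT = ("-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----")
PEM_KEY = ("-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----")


class SSLConfigError(Exception):
    pass


def load_pem(path, markers):
    """Stand-in for the OpenSSL *_file() loaders: the file must exist and be a
    complete PEM object.  A half-written file (non-atomic replacement still in
    progress) fails here; that is the "bad" on-disk state the message mentions."""
    begin, end = markers
    try:
        with open(path, encoding="ascii") as f:
            lines = [ln.strip() for ln in f if ln.strip()]
    except OSError as e:
        raise SSLConfigError(f"{path}: {e.strerror}") from e
    if len(lines) < 3 or lines[0] != begin or lines[-1] != end:
        raise SSLConfigError(f"{path}: not a complete PEM object")
    return "".join(lines[1:-1])


def load_ssl_config(cert_path, key_path):
    """Validate cert and key together and return one immutable snapshot."""
    return (load_pem(cert_path, PEM_CERT), load_pem(key_path, PEM_KEY))


class UnixPostmaster:
    """Non-EXEC_BACKEND build with the patch applied: load once, reload on
    SIGHUP, forked backends inherit the in-memory snapshot.  Keeping the last
    good snapshot when a reload fails is an assumed policy of this model."""

    def __init__(self, cert_path, key_path):
        self.paths = (cert_path, key_path)
        self.snapshot = load_ssl_config(*self.paths)

    def sighup(self):
        try:
            self.snapshot = load_ssl_config(*self.paths)
        except SSLConfigError:
            return False
        return True

    def start_backend(self):
        return self.snapshot          # fork(): child sees the parent's copy


class ExecBackendPostmaster:
    """EXEC_BACKEND build (Windows): every backend re-reads the files when the
    connection starts, so SIGHUP changes nothing and the on-disk state wins."""

    def __init__(self, cert_path, key_path):
        self.paths = (cert_path, key_path)
        load_ssl_config(*self.paths)  # startup check only; nothing is kept

    def sighup(self):
        return True

    def start_backend(self):
        return load_ssl_config(*self.paths)


def write_pem(path, markers, body, complete=True):
    """Write a (possibly truncated) PEM file; the truncated form models a
    replacement that is still in progress when a connection arrives."""
    begin, end = markers
    with open(path, "w", encoding="ascii") as f:
        f.write(f"{begin}\n{body}\n" + (f"{end}\n" if complete else ""))


def run_scenario():
    """Swap the certificate while both servers run; return what a new
    connection is handed at each step (constructed data, temp directory)."""
    d = tempfile.mkdtemp()
    try:
        cert, key = os.path.join(d, "server.crt"), os.path.join(d, "server.key")
        write_pem(cert, PEM_CERT, "OLDCERT")
        write_pem(key, PEM_KEY, "OLDKEY")
        unix, win = UnixPostmaster(cert, key), ExecBackendPostmaster(cert, key)
        r = {}
        # 1. admin copies a new cert over the old one; a connection lands mid-copy
        write_pem(cert, PEM_CERT, "NEWC", complete=False)
        r["unix_during_copy"] = unix.start_backend()[0]
        try:
            r["exec_during_copy"] = win.start_backend()[0]
        except SSLConfigError:
            r["exec_during_copy"] = "error"
        r["unix_sighup_during_copy"] = unix.sighup()  # rejected, keeps OLDCERT
        # 2. copy finishes, but nobody has sent SIGHUP yet
        write_pem(cert, PEM_CERT, "NEWCERT")
        r["unix_before_sighup"] = unix.start_backend()[0]
        r["exec_before_sighup"] = win.start_backend()[0]
        # 3. pg_ctl reload
        unix.sighup()
        win.sighup()
        r["unix_after_sighup"] = unix.start_backend()[0]
        return r
    finally:
        shutil.rmtree(d)
```

Step 1 is the case that matters for security operations: the fork model keeps serving the validated old certificate and refuses the half-written reload, while the per-connection model fails (or, with a subtler corruption, serves whatever happens to be on disk). Step 2 is the discrepancy the message names: with the patch, Unix builds change behaviour only at SIGHUP, EXEC_BACKEND builds change as soon as the file does.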
