From: | Andreas Karlsson <andreas(at)proxel(dot)se> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [PATCH] Reload SSL certificates on SIGHUP |
Date: | 2015-07-22 00:52:46 |
Message-ID: | 55AEE95E.7090304@proxel.se |
Lists: | pgsql-hackers |

On 07/02/2015 06:13 PM, Peter Eisentraut wrote:
> I think this would be a useful feature, and the implementation looks
> sound. But I don't like how the reload is organized. Reinitializing
> the context in the sighup handler, aside from questions about how much
> work one should do in a signal handler, would cause SSL reinitialization
> for unrelated reloads. We have the GUC assign hook mechanism for
> handling this sort of thing. The trick would be that when multiple
> SSL-related settings change, you only want to do one reinitialization.
> You could either have the different assign hooks communicate with each
> other somehow, or have them set a "need SSL init" flag that is checked
> somewhere else.

It is not enough to just add a hook to the GUCs since I would guess most
users would expect the certificate to be reloaded if just the file has
been replaced and no GUC was changed. To support this we would need to
also check the mtimes of the SSL files, would that complexity really be
worth it?
Andreas