Re: [PATCH] Reload SSL certificates on SIGHUP

On 07/23/2015 07:19 AM, Michael Paquier wrote:
> On Wed, Jul 22, 2015 at 9:52 AM, Andreas Karlsson <andreas(at)proxel(dot)se> wrote:
>> On 07/02/2015 06:13 PM, Peter Eisentraut wrote:
>>>
>>> I think this would be a useful feature, and the implementation looks
>>> sound. But I don't like how the reload is organized. Reinitializing
>>> the context in the sighup handler, aside from questions about how much
>>> work one should do in a signal handler, would cause SSL reinitialization
>>> for unrelated reloads. We have the GUC assign hook mechanism for
>>> handling this sort of thing. The trick would be that when multiple
>>> SSL-related settings change, you only want to do one reinitialization.
>>> You could either have the different assign hooks communicate with each
>>> other somehow, or have them set a "need SSL init" flag that is checked
>>> somewhere else.
>>
>>
>> It is not enough to just add a hook to the GUCs since I would guess most
>> users would expect the certificate to be reloaded if just the file has been
>> replaced and no GUC was changed.
>
> Why? It seems to me that the assign hook gets called once per process
> at reload for a SIGHUP parameter even if its value is not changed, no?

My bad, I tested it and you are correct. But I am not convinced moving
the SSL initialization to a GUC assign hook would make anything clearer.
It would not move any work out of the signal handler either since the
assign hooks are ran inside it, and the hook will be ran in all backends
which is not any interesting property for SSL initialization.

Andreas