| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Andreas Karlsson <andreas(at)proxel(dot)se> |
| Cc: | Michael Banck <michael(dot)banck(at)credativ(dot)de>, Peter Geoghegan <pg(at)heroku(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] Reload SSL certificates on SIGHUP |
| Date: | 2016-12-04 14:20:05 |
| Message-ID: | CAB7nPqThxqDOt_pmJ0d4hHogtmZg=uh=Toez+WyOZzwaCZNSCg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Dec 4, 2016 at 11:11 PM, Andreas Karlsson <andreas(at)proxel(dot)se> wrote:
> On 12/04/2016 02:12 PM, Michael Paquier wrote:
>>
>> One last thing that I think is missing in this patch is for users the
>> possibility to check via SQL if the SSL context is actually loaded or
>> not. As the context is reloaded after all the new values are
>> available, with the current patch users may see that ssl is set to on
>> but no context is loaded. So why not adding for example a read-only
>> parameter that maps with SSLLoaded?
>
>
> The other three issues are easy to fix, but this one is a bit trickier. Do
> you mean that we should add another GUC here which is read-only?
Yes, that's what I meant. It is hard to track if the reloading has
been effective or not.
> Does this have a precedent in the code?
data_checksums in guc.c is an example, it is marked with
GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE and its value is updated with
SetConfigOption() when the control file is read. The idea would be to
do something like that with LoadedSSL.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2016-12-04 15:06:47 | Re: Select works only when connected from login postgres |
| Previous Message | Andreas Karlsson | 2016-12-04 14:11:24 | Re: [PATCH] Reload SSL certificates on SIGHUP |