On 01/04/2017 04:14 PM, Stephen Frost wrote:
> * Andreas Karlsson (andr...@proxel.se) wrote:
>> A possible solution might be to only add the error throwing hook
>> when loading certificates during SIGHUP (and on Windows) and to work
>> as before on startup. Would that be an acceptable solution? I could
>> write a patch for this if people are interested.
>
> I'm not sure I see how that's a solution..? Wouldn't that mean that a
> SIGHUP with an encrypted key would result in a failure?
>
> The solution, at least in my view, seems to be to say "sorry, we can't
> reload the SSL stuff if you used a passphrase to unlock the key on
> startup, you will have to perform a restart if you want the SSL bits to
> be changed."

Sorry, I was very unclear. I meant refusing to reload the SSL context
if there is a pass phrase, but that the rest of the config will be
reloaded just fine. This will lead to some log spam on every SIGHUP for
people with a pass phrase but should otherwise work as before.
Andreas