Re: Passphrase protected SSL key and reloads

On 2019-04-24 13:22, Joe Conway wrote:
>>   "Using a passphrase also disables the ability to change the server's
>>    SSL configuration without a server restart."
>>
>> But as of pg11 we have ssl_passphrase_command_supports_reload, which as
>> I understand it should allow this if the passphrase command is not
>> interactive. Per
>> https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-PASSPHRASE-COMMAND-SUPPORTS-RELOAD
>>
>>   "Setting this parameter to true might be appropriate if the passphrase
>>    is obtained from a file, for example."
>>
>> Am I misunderstanding, or was the former quote missed when updating the
>> docs for pg11?

Right, that should be amended.  I suspect the next sentence

   Furthermore, passphrase-protected private keys cannot be used at all
   on Windows.

is also related to this.  Can someone comment on this?

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services