Re: re-reading SSL certificates during server reload

On 2014-08-28 10:12:19 -0400, Tom Lane wrote:
> Magnus Hagander <magnus@hagander.net> writes:
> > On Thu, Aug 28, 2014 at 4:05 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> >> Why would they need to be BACKEND, as opposed to just PGC_SIGHUP?
> 
> > I just thought semantically - because they do not change in a running
> > backend. Any running backend will continue with encryption set up
> > based on the old certificate.
> 
> Hm.  Yeah, I guess there is some use in holding onto the values that were
> actually used to initialize the current session, or at least there would
> be if we exposed the cert contents in any fashion.

Won't that allow the option to be specified at connection start by mere
mortal users? That sounds odd to me.

Greetings,

Andres Freund

-- Andres Freund                       http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services