Re: re-reading SSL certificates during server reload
| From | Magnus Hagander |
|---|---|
| Subject | Re: re-reading SSL certificates during server reload |
| Date | |
| Msg-id | CABUevExMOCfx35xw=VoztaTvr7fGvsML4GGosFC3KiOWgs3yeg@mail.gmail.com |
| In reply to | Re: re-reading SSL certificates during server reload (Tom Lane <tgl@sss.pgh.pa.us>) |
| Responses | Re: re-reading SSL certificates during server reload |
| List | pgsql-hackers |
On Thu, Aug 28, 2014 at 4:05 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> On Thu, Aug 28, 2014 at 3:20 AM, Robert Haas <robertmhaas@gmail.com> wrote:
>>> On Wed, Aug 27, 2014 at 6:40 AM, Magnus Hagander <magnus@hagander.net> wrote:
>>>> Key and cert files are loaded in the postmaster. We'd need to change
>>>> that.
>
>>> Why?
>
>> Hmm. That's actually a good point. Not sure I have an excuse. They
>> could certainly be made BACKEND without that, and there's no way to
>> change it within a running backend *anyway*, since we cannot turn
>> on/off SSL once a connection has been made. So yeah, it can actually
>> still be loaded in postmaster, and I withdraw that argument :)
>
> Why would they need to be BACKEND, as opposed to just PGC_SIGHUP?
> The only reason they're PGC_POSTMASTER is the lack of any code
> for loading updated values, which I assume is something that's
> possible with OpenSSL.

I just thought semantically - because they do not change in a running
backend. Any running backend will continue with encryption set up based on
the old certificate.

> We could in fact wait to load them until after a backend has forked off
> from the postmaster, but (1) that'd slow down session startup, and (2)
> it would mean that you don't hear about broken settings at postmaster
> startup.
>
> (BTW, what happens on Windows? I imagine we have to reload them anyway
> after fork/exec on that platform ...)

Yes, we already do that - secure_initialize() is called in
SubPostmasterMain(). But I think reloading them in the postmaster on Unix is
the better choice, yes.

-- 
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
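The point made in the exchange above, that a reload in the postmaster only affects backends forked after it while already-running backends keep the certificate they inherited, shown as an added fork-based demonstration (not PostgreSQL code): `load_cert()` is a constructed stand-in for `secure_initialize()`, the "certificate" is a plain string, and no OpenSSL is involved.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed stand-in for the certificate state the postmaster loads;
 * hypothetical, not PostgreSQL's real secure_initialize(). */
static char loaded_cert[64];

static void load_cert(const char *cert)
{
    snprintf(loaded_cert, sizeof loaded_cert, "%s", cert);
}

/* Fork a "backend". The child reports the certificate it inherited at fork
 * time through a pipe and exits; the parent gets the pipe's read end. */
static int spawn_backend(void)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(fds[0]);
        if (write(fds[1], loaded_cert, strlen(loaded_cert) + 1) < 0)
            _exit(1);
        _exit(0);
    }
    close(fds[1]);
    return fds[0];
}

static void read_report(int fd, char *buf, size_t len)
{
    ssize_t n = read(fd, buf, len - 1);
    buf[n > 0 ? n : 0] = '\0';
    close(fd);
}

/* Returns 1 when the backend forked before the reload still holds the old
 * certificate while the backend forked after the reload sees the new one. */
int reload_demo(void)
{
    char before[64], after[64];
    load_cert("cert-v1");            /* postmaster startup */
    int fd_old = spawn_backend();    /* session opened before the reload */
    load_cert("cert-v2");            /* postmaster reloads on SIGHUP */
    int fd_new = spawn_backend();    /* session opened after the reload */
    if (fd_old < 0 || fd_new < 0)
        return 0;
    read_report(fd_old, before, sizeof before);
    read_report(fd_new, after, sizeof after);
    while (wait(NULL) > 0) ;
    return strcmp(before, "cert-v1") == 0 && strcmp(after, "cert-v2") == 0;
}
```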