On Wed, Aug 26, 2015 at 10:57 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: > [...] > So I think the way to move this forward is to investigate how to hold > the SSL config constant until SIGHUP in an EXEC_BACKEND build. If we > find out that that's unreasonably difficult, maybe we'll decide that > we can live without it; but I'd like to see the question investigated > rather than ignored.
You have a point here. In EXEC_BACKEND, parameter updated via SIGHUP are only taken into account by newly-started backends, right? Hence, a way to do what we want is to actually copy the data needed to initialize the SSL context into alternate file(s). When postmaster starts up, or when SIGHUP shows up those alternate files are upserted by the postmaster. be-secure-openssl.c needs also to be changed such as with EXEC_BACKEND the context needs to be loaded from those alternate files. At quick glance this seems doable. For now I am moving the patch to the next CF, more investigation is surely needed. -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
