granicus.if.org Git - postgresql/commit

author	Tom Lane <tgl@sss.pgh.pa.us>
	Tue, 3 Jan 2017 02:37:12 +0000 (21:37 -0500)
committer	Tom Lane <tgl@sss.pgh.pa.us>
	Tue, 3 Jan 2017 02:37:12 +0000 (21:37 -0500)
commit	de41869b64d57160f58852eab20a27f248188135
tree	a4d81157d9126c76d042d093ee7a4a08a37181aa	tree \| snapshot
parent	1d63f7d2d180c8708bc12710254eb7b45823440f	commit \| diff

Allow SSL configuration to be updated at SIGHUP.

It is no longer necessary to restart the server to enable, disable,
or reconfigure SSL.  Instead, we just create a new SSL_CTX struct
(by re-reading all relevant files) whenever we get SIGHUP.  Testing
shows that this is fast enough that it shouldn't be a problem.

In conjunction with that, downgrade the logic that complains about
pg_hba.conf "hostssl" lines when SSL isn't active: now that's just
a warning condition not an error.

An issue that still needs to be addressed is what shall we do with
passphrase-protected server keys?  As this stands, the server would
demand the passphrase again on every SIGHUP, which is certainly
impractical.  But the case was only barely supported before, so that
does not seem a sufficient reason to hold up committing this patch.

Andreas Karlsson, reviewed by Michael Banck and Michael Paquier

Discussion: https://postgr.es/m/556A6E8A.9030400@proxel.se

doc/src/sgml/client-auth.sgml		diff \| blob \| history
doc/src/sgml/config.sgml		diff \| blob \| history
doc/src/sgml/runtime.sgml		diff \| blob \| history
src/backend/libpq/auth.c		diff \| blob \| history
src/backend/libpq/be-secure-openssl.c		diff \| blob \| history
src/backend/libpq/be-secure.c		diff \| blob \| history
src/backend/libpq/hba.c		diff \| blob \| history
src/backend/postmaster/postmaster.c		diff \| blob \| history
src/backend/utils/misc/guc.c		diff \| blob \| history
src/backend/utils/misc/postgresql.conf.sample		diff \| blob \| history
src/include/libpq/libpq-be.h		diff \| blob \| history
src/include/libpq/libpq.h		diff \| blob \| history
src/test/ssl/ServerSetup.pm		diff \| blob \| history