On 2019-04-24 13:22, Joe Conway wrote:
>> "Using a passphrase also disables the ability to change the server's
>> SSL configuration without a server restart."
>>
>> But as of pg11 we have ssl_passphrase_command_supports_reload, which as
>> I understand it should allow this if the passphrase command is not
>> interactive. Per
>> https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-PASSPHRASE-COMMAND-SUPPORTS-RELOAD
>>
>> "Setting this parameter to true might be appropriate if the passphrase
>> is obtained from a file, for example."
>>
>> Am I misunderstanding, or was the former quote missed when updating the
>> docs for pg11?
Right, that should be amended. I suspect the next sentence
Furthermore, passphrase-protected private keys cannot be used at all
on Windows.
is also related to this. Can someone comment on this?
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services