On 7/21/15 8:52 PM, Andreas Karlsson wrote:
> It is not enough to just add a hook to the GUCs since I would guess most
> users would expect the certificate to be reloaded if just the file has
> been replaced and no GUC was changed. To support this we would need to
> also check the mtimes of the SSL files, would that complexity really be
> worth it?
Actually, I misread your patch. I thought you only wanted to reload the
SSL files when the GUC settings change, but of course we also want to
reload them when the files are changed.
I don't have a problem with rebuilding the SSL context on every reload
cycle. We already do a lot of extra reloading every time, so a bit more
shouldn't hurt. But I'm not so sure whether we should do that in the
SIGHUP handler. I don't know how we got into the situation of doing all
the file reloads directly in the handler, but at least we can control
that code. Making a bunch of calls into an external library is a
different thing, though. Can we find a way to do this differently?