Date: Thu, 26 Mar 2026 19:19:02 +0900 (JST)
Message-Id: <20260326.191902.1769703442358463290.ishii@postgresql.org>
To: bob.ross.19821@gmail.com
Cc: pgpool-hackers@lists.postgresql.org
Subject: Re: Rotate SSL certificates on reload (SIGHUP) without restart
From: Tatsuo Ishii
In-Reply-To: <20260326.170716.601660341897872041.ishii@postgresql.org>
References: <20260319.192225.349123033503761335.ishii@postgresql.org> <20260326.170716.601660341897872041.ishii@postgresql.org>

Hi Bob,

> Thank you for the patch! I will look into the patch.

I skimmed through the patch. You changed main.c and child.c to call
SSL_ServerSide_init() so that they reload new SSL parameters. However,
in Pgpool-II there are two more places which could use SSL connection
to PostgreSQL server: health check and streaming replication check. I
suspect they need to call SSL_ServerSide_init() while reloading the
config file. What do you think?

Regards,
--
Tatsuo Ishii
SRA OSS K.K.
English: http://www.sraoss.co.jp/index_en/
Japanese:http://www.sraoss.co.jp