Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wCYil-0026jc-1J for pgpool-hackers@arkaria.postgresql.org; Tue, 14 Apr 2026 08:02:08 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wCYij-00Ad0J-2e for pgpool-hackers@arkaria.postgresql.org; Tue, 14 Apr 2026 08:02:06 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wCYij-00Ad0C-24 for pgpool-hackers@lists.postgresql.org; Tue, 14 Apr 2026 08:02:06 +0000 Received: from meldrar.postgresql.org ([2a02:c0:301:0:ffff::31]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1wCYih-00000000zIQ-2yUP for pgpool-hackers@lists.postgresql.org; Tue, 14 Apr 2026 08:02:06 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=postgresql.org; s=20171124; h=Content-Transfer-Encoding:Content-Type: Mime-Version:References:In-Reply-To:From:Subject:Cc:To:Message-Id:Date:Sender :Reply-To:Content-ID:Content-Description; bh=WbhhWWJQDb745tWnRAbKHGyvV0GqamR4CV3WI25HUJw=; b=hnjToDg8X41m46xkB4BXN0de/P f/B6IvOoJcY87NSD65nu0l3uTB794XHEodvSXaR1DE549bPxo0XmPjjCyM1iHapubO3LohrymRemM gB9Q4nh6lTuzP1W9/ltEKdivcNYRp9r1VxwRBvrnP0goBgVxaJgKQ0ZDjL4NEYaMbQUp1q+IwHK0q clLp4BPCF4fn9aDbvm4KUKLKcLKcFEcKExzzLavhfc2sTjL2lpdTRzTdQzqpeBnweZYGR3QekKQnv qwQXxUrGL9b96/aETWbxRn1x3fzGo7w3hgpdDMyPxN+wI6ioBccgSIppgkiXG6VABfNXKTuXk4GLn tZdtdKOg==; Received: from [2409:11:4120:300:2436:ff88:6e55:f695] (helo=localhost) by meldrar.postgresql.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wCYif-002b2g-15; Tue, 14 Apr 2026 08:02:03 +0000 Date: Tue, 14 Apr 2026 17:01:51 +0900 (JST) Message-Id: <20260414.170151.1083817546153854089.ishii@postgresql.org> To: bob.ross.19821@gmail.com Cc: pgpool-hackers@lists.postgresql.org Subject: Re: Rotate SSL certificates on reload (SIGHUP) without restart From: Tatsuo Ishii In-Reply-To: References: <20260401.180542.2251969369195681939.ishii@postgresql.org> X-Mailer: Mew version 6.8 on Emacs 29.3 Mime-Version: 1.0 Content-Type: Text/Plain; charset=utf-8 Content-Transfer-Encoding: base64 X-Host-Lookup-Failed: Reverse DNS lookup failed for 2409:11:4120:300:2436:ff88:6e55:f695 (failed) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk SGkgQm9iLA0KDQo+IEhpIFRhdHN1bywNCj4gDQo+IFBsZWFzZSBsZXQgbWUga25vdyBpZiB5b3Ug bmVlZCBhbnkgYXNzaXN0YW5jZSB3aXRoIHVwZGF0aW5nIHlvdXIgdGVzdA0KPiBjYXNlcy4gSSBh bSBiZSBoYXBweSB0byBoZWxwLg0KPiANCj4gVGhhbmtzLA0KPiBCb2INCg0KU29ycnkgZm9yIGxh dGUuIEkgd2FzIGJ1c3kgd2l0aCBwZXJzb25hbCBhZmZhaXJzIGFuZCBzb21lIG90aGVyDQpwcm9q ZWN0cy4NCg0KPiBPbiBUaHUsIEFwciAyLCAyMDI2IGF0IDk6NTfigK9QTSBCb2IgUm9zcyA8Ym9i LnJvc3MuMTk4MjFAZ21haWwuY29tPiB3cm90ZToNCj4gDQo+PiBIaSBUYXRzdW8sDQo+Pg0KPj4g VGhhbmtzIGZvciBwdXR0aW5nIHRvZ2V0aGVyIHRoZSByZWdyZXNzaW9uIHRlc3RzLg0KPj4NCj4+ IFRob3VnaHRzIG9uIHlvdXIgcXVlc3Rpb25zOg0KPj4gLSBDQSBDZXJ0aWZpY2F0ZXMgLSBZZXMs IGFkZGluZyBhIGNlcnQgYXV0aCB0ZXN0IGlzIGhpZ2hseSByZWNvbW1lbmRlZC4gV2UNCj4+IGNv dWxkIHRlc3QgdGhpcyBieSBnZW5lcmF0aW5nIHR3byBkaWZmZXJlbnQgZHVtbXkgQ0EgY2VydGlm aWNhdGVzLiBTdGFydA0KPj4gcGdwb29sIHRydXN0aW5nIENBICMxLCBzd2FwIHRoZSBjb25maWcg dG8gQ0EgIzIsIHJlbG9hZCBhbmQgdmVyaWZ5IGlmDQo+PiBjbGllbnQgY29ubmVjdGlvbiBjb3Jy ZWN0bHkgZ2V0cyByZWplY3RlZC4NCg0KSWYgeW91IGNvdWxkIGV4dGVuZCB0aGUgdGVzdCBmaWxl IEkgcG9zdGVkIHNvIHRoYXQgaXQgcGVyZm9ybXMgYSBjZXJ0DQphdXRoIHRlc3QsIHRoYXQgd291 bGQgYmUgaGVscGZ1bC4NCg0KPj4gLSBESCBwYXJhbWV0ZXJzIC0gcGVyaGFwcyB3ZSBjYW4gdGVz dCB0aGlzIGJ5IHByb3ZpZGluZyBhIG5vbi1leGlzdGVudA0KPj4gZmlsZSBwYXRoIGFuZCB0aGVu IHVzZSBncmVwIHRvIGNoZWNrIHBncG9vbC5sb2cgZm9yIHNwZWNpZmljIHdhcm5pbmcNCj4+IG1l c3NhZ2UgKHBlciBwb29sX3NzbC5jIGl04oCZcyDigJxESDogY291bGQgbm90IGxvYWQgREggcGFy YW1ldGVyc+KAnSkgd2hlbg0KPj4gcGdwb29sIHRyaWVzIHRvIGxvYWQgdGhlIGZpbGUuDQoNCkkg dGhpbmsgaXQgd2lsbCBub3Qgd29yay4NCg0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQ0Kc3RhdGljIGJvb2wNCmluaXRp YWxpemVfZGgoU1NMX0NUWCAqY29udGV4dCkNCnsNCglESAkJICAgKmRoID0gTlVMTDsNCg0KCVNT TF9DVFhfc2V0X29wdGlvbnMoY29udGV4dCwgU1NMX09QX1NJTkdMRV9ESF9VU0UpOw0KDQoJaWYg KHBvb2xfY29uZmlnLT5zc2xfZGhfcGFyYW1zX2ZpbGVbMF0pDQoJCWRoID0gbG9hZF9kaF9maWxl KHBvb2xfY29uZmlnLT5zc2xfZGhfcGFyYW1zX2ZpbGUpOw0KCWlmICghZGgpDQoJCWRoID0gbG9h ZF9kaF9idWZmZXIoRklMRV9ESDIwNDgsIHNpemVvZihGSUxFX0RIMjA0OCkpOw0KCWlmICghZGgp DQoJew0KCQllcmVwb3J0KFdBUk5JTkcsDQoJCQkJKGVycm1zZygiREg6IGNvdWxkIG5vdCBsb2Fk IERIIHBhcmFtZXRlcnMiKSkpOw0KCQlyZXR1cm4gZmFsc2U7DQoJfQ0KOg0KOg0KPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PQ0KDQpUaGUgZXJlcG9ydCBtZXNzYWdlIGlzIHByaW50ZWQgd2hlbiB0aGUgYnVpbHQtaW4gREgg cGFyYW1ldGVyIGZpbGUgaXMNCmJyb2tlbi4gQnV0IGFzIGxvbmcgYXMgdGhlIHNvdXJjZSBmaWxl IGlzIGZpbmUsIGl0IHdvdWxkIG5ldmVyIGhhcHBlbi4NCg0KTWF5YmUgd2Ugc2hvdWxkIGZpeCB0 aGUgY29kZSBhYm92ZSBzbyB0aGF0IGl0IGVtaXRzIGVyZXBvcnQgd2hlbiBpdA0KZmFpbHMgdG8g bG9hZCB0aGUgREggcGFyYW1ldGVyIGZpbGUgc3BlY2lmaWVkIGJ5IHNzbF9kaF9wYXJhbXNfZmls ZT8NCg0KUmVnYXJkcywNCi0tDQpUYXRzdW8gSXNoaWkNClNSQSBPU1MgSy5LLg0KRW5nbGlzaDog aHR0cDovL3d3dy5zcmFvc3MuY28uanAvaW5kZXhfZW4vDQpKYXBhbmVzZTpodHRwOi8vd3d3LnNy YW9zcy5jby5qcA0K