[pgpool-general: 9096] Is the TLS certificate revocation list loaded only on server start, or does the TLS/SSL library reload it on every connection?
Ian van der Linde
ian at ivdl.co.za
Tue May 7 17:10:12 JST 2024
Good day
PgPool supports setting an ssl_crl_file parameter to configure a certificate revocation list. Let's assume that's been set up, and PgPool has been restarted to load the file. If the file is changed to revoke another certificate, will that automatically be picked up by the running PgPool the next time a client connects, or does PgPool need to be restarted every time a certificate is added to the CRL? If so, is a simple configuration reload sufficient, or does it have to be a full restart?
Kind regards
Ian van der Linde
More information about the pgpool-general
mailing list