| From: | Abhishek Chanda <abhishek(dot)becs(at)gmail(dot)com> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org, Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Subject: | Re: Adding support for SSLKEYLOGFILE in the frontend |
| Date: | 2025-01-10 03:59:21 |
| Message-ID: | CAKiP-K8nKL1kYmkbFHvncsPVkLjug+j96HhPN4AsHfNAdnKOdw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Thanks for the feedback, everyone. Attached a followup with the
following changes compared to the initial version:
1. Converted sslkeylogfile to a connection parameter
2. Added a mechanism to chmod the key log file to 0600
3. Added docs and tests
I tested this manually. Also ran make check and make check-world
locally. Please let me know if this needs any other changes.
Thanks
On Thu, Jan 9, 2025 at 2:36 PM Jacob Champion
<jacob(dot)champion(at)enterprisedb(dot)com> wrote:
>
> On Wed, Jan 8, 2025 at 5:17 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > I think it might be safer if we only accepted it as a connection
> > parameter and not via an environment variable.
>
> Making it a connection parameter also keeps us from colliding with any
> other linked libraries' use of SSLKEYLOGFILE (I'm thinking about
> libcurl at the moment, but I think maybe NSS used it too?).
>
> --Jacob
--
Thanks and regards
Abhishek Chanda
| Attachment | Content-Type | Size |
|---|---|---|
| v2-0001-Add-support-for-dumping-SSL-keylog-to-a-file.patch | application/octet-stream | 6.1 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Rowley | 2025-01-10 04:06:26 | Re: Some ExecSeqScan optimizations |
| Previous Message | Peter Smith | 2025-01-10 03:41:23 | Re: Question about behavior of deletes with REPLICA IDENTITY NOTHING |