Re: Adding support for SSLKEYLOGFILE in the frontend

From: vignesh C <vignesh21(at)gmail(dot)com>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Abhishek Chanda <abhishek(dot)becs(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SSLKEYLOGFILE in the frontend
Date: 2025-03-16 13:16:28
Message-ID: CALDaNm3aPj=OaGM6=J4GngJc_7MocGmjB3uxtKi+x9cxcLZUyQ@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Fri, 14 Mar 2025 at 03:38, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>
>
>
> > On 13 Mar 2025, at 19:31, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> >
> > Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> writes:
> >> Adding the PG prefix to the envvar name addresses my collision
> >> concern, but I think Tom's comment upthread [1] was saying that we
> >> should not provide any envvar at all:
> >
> >>> I think it might be safer if we only accepted it as a connection
> >>> parameter and not via an environment variable.
> >
> >> Is the addition of the PG prefix enough to address that concern too?
> >
> > Indeed, I was advocating for *no* environment variable. The PG prefix
> > does not comfort me.
>
> Attached is a rebased version which fixes the test failure under autoconf (I
> had missed git adding the configure file..) and Windows where the backslashes
> weren't escaped properly. It also removes the environment variable and has
> documentation touchups.

I noticed that Peter's comments from [1] is not yet addressed. I have
changed the commitfest entry status to Waiting on Author, please
address them and update the status to Needs review.
[1] - https://www.postgresql.org/message-id/68b66b6d-cc59-44f8-bdd2-248d50055740%40eisentraut.org

Regards.
Vignesh

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message vignesh C 2025-03-16 13:19:47 Re: Doc: Move standalone backup section, mention -X argument
Previous Message vignesh C 2025-03-16 13:13:56 Re: libpq: Process buffered SSL read bytes to support records >8kB on async API