From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
---|---|
To: | pgsql-committers(at)postgresql(dot)org |
Subject: | pgsql: Add ssl_passphrase_command setting |
Date: | 2018-03-17 12:31:55 |
Message-ID: | E1exB07-0001Ni-Vo@gemulon.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
Add ssl_passphrase_command setting
This allows specifying an external command for prompting for or
otherwise obtaining passphrases for SSL key files. This is useful
because in many cases there is no TTY easily available during service
startup.
Also add a setting ssl_passphrase_command_supports_reload, which allows
supporting SSL configuration reload even if SSL files need passphrases.
Reviewed-by: Daniel Gustafsson <daniel(at)yesql(dot)se>
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/8a3d9425290ff5f6434990349886afae9e1c6008
Modified Files
--------------
doc/src/sgml/config.sgml | 60 +++++++++++++
src/backend/libpq/Makefile | 2 +-
src/backend/libpq/be-secure-common.c | 120 ++++++++++++++++++++++++++
src/backend/libpq/be-secure-openssl.c | 58 ++++++++++---
src/backend/libpq/be-secure.c | 2 +
src/backend/utils/misc/guc.c | 19 ++++
src/backend/utils/misc/postgresql.conf.sample | 2 +
src/include/libpq/libpq.h | 8 ++
src/test/ssl/Makefile | 5 ++
src/test/ssl/README | 3 +
src/test/ssl/ssl/server-password.key | 18 ++++
src/test/ssl/t/001_ssltests.pl | 35 ++++++--
src/tools/msvc/Mkvcbuild.pm | 1 +
13 files changed, 313 insertions(+), 20 deletions(-)
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2018-03-17 13:23:12 | pgsql: Set libpq sslcompression to off by default |
Previous Message | Andres Freund | 2018-03-17 06:33:45 | pgsql: Make ExplainPropertyInteger accept 64bit input, remove *Long var |