Quick Links

pgsql: Add ssl_passphrase_command setting

From:	Peter Eisentraut <peter_e(at)gmx(dot)net>
To:	pgsql-committers(at)postgresql(dot)org
Subject:	pgsql: Add ssl_passphrase_command setting
Date:	2018-03-17 12:31:55
Message-ID:	E1exB07-0001Ni-Vo@gemulon.postgresql.org
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-committers

Add ssl_passphrase_command setting

This allows specifying an external command for prompting for or
otherwise obtaining passphrases for SSL key files. This is useful
because in many cases there is no TTY easily available during service
startup.

Also add a setting ssl_passphrase_command_supports_reload, which allows
supporting SSL configuration reload even if SSL files need passphrases.

Reviewed-by: Daniel Gustafsson <daniel(at)yesql(dot)se>

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/8a3d9425290ff5f6434990349886afae9e1c6008

Modified Files
--------------
doc/src/sgml/config.sgml | 60 +++++++++++++
src/backend/libpq/Makefile | 2 +-
src/backend/libpq/be-secure-common.c | 120 ++++++++++++++++++++++++++
src/backend/libpq/be-secure-openssl.c | 58 ++++++++++---
src/backend/libpq/be-secure.c | 2 +
src/backend/utils/misc/guc.c | 19 ++++
src/backend/utils/misc/postgresql.conf.sample | 2 +
src/include/libpq/libpq.h | 8 ++
src/test/ssl/Makefile | 5 ++
src/test/ssl/README | 3 +
src/test/ssl/ssl/server-password.key | 18 ++++
src/test/ssl/t/001_ssltests.pl | 35 ++++++--
src/tools/msvc/Mkvcbuild.pm | 1 +
13 files changed, 313 insertions(+), 20 deletions(-)

Browse pgsql-committers by date

	From	Date	Subject
Next Message	Peter Eisentraut	2018-03-17 13:23:12	pgsql: Set libpq sslcompression to off by default
Previous Message	Andres Freund	2018-03-17 06:33:45	pgsql: Make ExplainPropertyInteger accept 64bit input, remove *Long var