| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | Álvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Abhishek Chanda <abhishek(dot)becs(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Adding support for SSLKEYLOGFILE in the frontend |
| Date: | 2025-03-20 10:58:14 |
| Message-ID: | e084dda4-e462-4277-9745-eecf6b93a091@iki.fi |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 20/03/2025 11:39, Álvaro Herrera wrote:
> Hello,
>
> It seems there's rough consensus on proceeding with a connection param
> and no environment variable. TBH it's not very clear to me that an
> envvar is a great way to drive this, even if there weren't security
> considerations at play, just considering the case of a multithreaded
> program that opens two connections ... reading that log file is going to
> be super fun.
I believe the usual way to use SSLKEYLOGFILE is indeed to append all
keys to the same file. That's how I use, at least. I'm not sure if
openssl has some locking on it, but I've never had a problem with having
data from different connections mixed up. The lines are not that long,
it probably just relies on write(2) being atomic enough.
--
Heikki Linnakangas
Neon (https://neon.tech)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2025-03-20 11:07:29 | Re: Support NOT VALID / VALIDATE constraint options for named NOT NULL constraints |
| Previous Message | Vladlen Popolitov | 2025-03-20 10:40:51 | Re: PoC. The saving of the compiled jit-code in the plan cache |