Re: Adding support for SSLKEYLOGFILE in the frontend
Peter Eisentraut <peter@eisentraut.org>
From: Peter Eisentraut <peter@eisentraut.org>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Tom Lane <tgl@sss.pgh.pa.us>, Jacob Champion <jacob.champion@enterprisedb.com>, Abhishek Chanda <abhishek.becs@gmail.com>, Álvaro Herrera <alvherre@alvh.no-ip.org>
Date: 2025-06-29T10:56:40Z
Lists: pgsql-hackers
On 27.06.25 11:15, Daniel Gustafsson wrote: >> On 26 Jun 2025, at 23:06, Daniel Gustafsson <daniel@yesql.se> wrote: > >> I'll propose changes for these comments in the morning when coffee has been >> had. > > The attached moves to logging on stderr along with a test for this, and also > removes the WARNING prefix that was added to the other stderr loggings since > that seems out of place compared to other stderr loggings in libpq (the > sslpassword trunction WARNING is clearly warranted, these were not). Hmm, I thought the WARNING prefixes were good. I think these are similar to "WARNING: password file \"%s\" is not a plain file\n" in that something during the connection setup is being ignored. Otherwise, if you just write something but don't tag it with something like warning or error, it's not clear how the user is supposed to interpret it. Is it a progress message, is it something bad, etc.? > The umask > call is removed as it's not required, and a little bit of whitespace cleanup > from the original commit performed. Re macros for file modes, this is for > fopen and not open though, or am I missing something? It looks like the conventions around the code are mixed. 0600 is clear enough that we can keep it. I don't think this is necessary: + errno = 0;
Commits
-
Fix sslkeylogfile error handling logging
- a6c0bf93031d 19 (unreleased) landed
- 39f01083facd 18.0 landed
-
Mark sslkeylogfile as Debug option
- 2970c75dd982 18.0 landed
-
libpq: Add support for dumping SSL key material to file
- 2da74d8d6400 18.0 landed