Re: Extended test coverage and docs for SSL passphrase commands
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Chao Li <li.evan.chao@gmail.com>
Cc: Álvaro Herrera <alvherre@kurilemu.de>, Peter Eisentraut <peter@eisentraut.org>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-11-23T19:32:46Z
Lists: pgsql-hackers
> On 22 Nov 2025, at 10:30, Chao Li <li.evan.chao@gmail.com> wrote: > I just reviewed the patch and got a few comments. Thanks! An updated version will come downthread. > The GUC is added like a mirror of debug_assertions. However, I think a small difference is that, assertions will impact everything at runtime, while EXEC_BACKEND don’t really impact PG’s behavior, instead it only impacts how backend processes are spawned. Thus, I feel “running server is EXEC_BACKEND mode” is a little bit inaccurate, maybe just say “show whether the running server is built with EXEC_BACKEND”. That's a good point, the docementation hunk had it right where this part got it wrong. Fixed. > This is not a comment. I’m just thinking that, as EXEC_BACKEND is compile flag, when a server is started, it knows if EXEC_BACKEND is enabled or not. So that, if ssl_passphrase_command must be turned on, why cannot we automatically turn on it? Technically we might be able to, but I don't want to override the administrator when it comes to sensitive configuration settings. Better to document what needs to be done and have the user make informed decisions. > Typo: passhprase -> passphrase Fixed. -- Daniel Gustafsson
Commits
-
doc: Clarify passphrase command reloading on Windows
- cbb69a65a7d2 17.8 landed
- eb7743e3e4f5 15.16 landed
- 9a26ff8c0e99 14.21 landed
- 54ba4a66fdc4 16.12 landed
- 2f9ec456aece 18.2 landed
- 0f4f45772c5a 19 (unreleased) landed
-
ssl: Add connection and reload tests for key passphrases
- 348020caa7be 19 (unreleased) landed
-
Add GUC to show EXEC_BACKEND state
- b3fe098d330f 19 (unreleased) landed