Re: Extended test coverage and docs for SSL passphrase commands

Chao Li <li.evan.chao@gmail.com>

From: Chao Li <li.evan.chao@gmail.com>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Álvaro Herrera <alvherre@kurilemu.de>, Peter Eisentraut <peter@eisentraut.org>, Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-11-22T09:30:11Z
Lists: pgsql-hackers
Hi Daniel,

I just reviewed the patch and got a few comments.

> On Nov 22, 2025, at 06:38, Daniel Gustafsson <daniel@yesql.se> wrote:
> 
> 
> The attached v2 adds a GUC debug_exec_backend which can be used to get the
> state of the running cluster, much like how debug_assertions will tell whether
> or not assertions were compiled in or not.  (Per an idea off-list conversation
> about this.) This will be operating system independent and reusable in other
> tests as well.
> 
> The rest of the patches are the same, just adapted to use this GUC in the SSL
> test.
> 
> --
> Daniel Gustafsson
> 
> <v2-0001-Add-GUC-to-show-EXEC_BACKEND-state.patch><v2-0002-doc-Clarify-passphrase-command-reloading-on-Windo.patch><v2-0003-ssl-Add-connection-and-reload-tests-for-key-passp.patch>

1 - 0001
```
+  short_desc => 'Shows whether the running server is running in EXEC_BACKEND mode.',
```

The GUC is added like a mirror of debug_assertions. However, I think a small difference is that, assertions will impact everything at runtime, while EXEC_BACKEND don’t really impact PG’s behavior, instead it only impacts how backend processes are spawned. Thus, I feel “running server is EXEC_BACKEND mode” is a little bit inaccurate, maybe just say “show whether the running server is built with EXEC_BACKEND”.

2 - 0002
```
+        This parameter must be set to <literal>on</literal> when running on
+        <systemitem class="osname">Windows</systemitem> since all connections
```

This is not a comment. I’m just thinking that, as EXEC_BACKEND is compile flag, when a server is started, it knows if EXEC_BACKEND is enabled or not. So that, if ssl_passphrase_command must be turned on, why cannot we automatically turn on it?

 3 - 0003
```
+$node->log_check(
+	"passhprase could reload private key",

```

Typo: passhprase -> passphrase

Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/







Commits

  1. doc: Clarify passphrase command reloading on Windows

  2. ssl: Add connection and reload tests for key passphrases

  3. Add GUC to show EXEC_BACKEND state