Re: Adding support for SSLKEYLOGFILE in the frontend
Abhishek Chanda <abhishek.becs@gmail.com>
From: Abhishek Chanda <abhishek.becs@gmail.com>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Tom Lane <tgl@sss.pgh.pa.us>,
Jacob Champion <jacob.champion@enterprisedb.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-03-13T23:02:35Z
Lists: pgsql-hackers
Thanks, Daniel.
Should there be the ifdef guard in here as well?
+ {"sslkeylogfile", NULL, NULL, NULL,
+ "SSL-Key-Log-File", "", 0, /* sizeof("") = 0 */
+ offsetof(struct pg_conn, sslkeylogfile)},
+
A small nit, this line should say NULL
+ /* line is guaranteed by OpenSSL to be NUL terminated */
Thanks
On Thu, Mar 13, 2025 at 5:07 PM Daniel Gustafsson <daniel@yesql.se> wrote:
>
>
>
> > On 13 Mar 2025, at 19:31, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> >
> > Jacob Champion <jacob.champion@enterprisedb.com> writes:
> >> Adding the PG prefix to the envvar name addresses my collision
> >> concern, but I think Tom's comment upthread [1] was saying that we
> >> should not provide any envvar at all:
> >
> >>> I think it might be safer if we only accepted it as a connection
> >>> parameter and not via an environment variable.
> >
> >> Is the addition of the PG prefix enough to address that concern too?
> >
> > Indeed, I was advocating for *no* environment variable. The PG prefix
> > does not comfort me.
>
> Attached is a rebased version which fixes the test failure under autoconf (I
> had missed git adding the configure file..) and Windows where the backslashes
> weren't escaped properly. It also removes the environment variable and has
> documentation touchups.
>
> --
> Daniel Gustafsson
>
--
Thanks and regards
Abhishek Chanda
Commits
-
Fix sslkeylogfile error handling logging
- a6c0bf93031d 19 (unreleased) landed
- 39f01083facd 18.0 landed
-
Mark sslkeylogfile as Debug option
- 2970c75dd982 18.0 landed
-
libpq: Add support for dumping SSL key material to file
- 2da74d8d6400 18.0 landed