Re: Adding support for SSLKEYLOGFILE in the frontend
Abhishek Chanda <abhishek.becs@gmail.com>
From: Abhishek Chanda <abhishek.becs@gmail.com>
To: Jacob Champion <jacob.champion@enterprisedb.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, pgsql-hackers@postgresql.org, Daniel Gustafsson <daniel@yesql.se>
Date: 2025-01-10T03:59:21Z
Lists: pgsql-hackers
Attachments
- v2-0001-Add-support-for-dumping-SSL-keylog-to-a-file.patch (application/octet-stream) patch v2-0001
Thanks for the feedback, everyone. Attached a followup with the following changes compared to the initial version: 1. Converted sslkeylogfile to a connection parameter 2. Added a mechanism to chmod the key log file to 0600 3. Added docs and tests I tested this manually. Also ran make check and make check-world locally. Please let me know if this needs any other changes. Thanks On Thu, Jan 9, 2025 at 2:36 PM Jacob Champion <jacob.champion@enterprisedb.com> wrote: > > On Wed, Jan 8, 2025 at 5:17 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > > I think it might be safer if we only accepted it as a connection > > parameter and not via an environment variable. > > Making it a connection parameter also keeps us from colliding with any > other linked libraries' use of SSLKEYLOGFILE (I'm thinking about > libcurl at the moment, but I think maybe NSS used it too?). > > --Jacob -- Thanks and regards Abhishek Chanda
Commits
-
Fix sslkeylogfile error handling logging
- a6c0bf93031d 19 (unreleased) landed
- 39f01083facd 18.0 landed
-
Mark sslkeylogfile as Debug option
- 2970c75dd982 18.0 landed
-
libpq: Add support for dumping SSL key material to file
- 2da74d8d6400 18.0 landed