Re: Adding support for SSLKEYLOGFILE in the frontend

Jacob Champion <jacob.champion@enterprisedb.com>

From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Abhishek Chanda <abhishek.becs@gmail.com>, pgsql-hackers@postgresql.org, Daniel Gustafsson <daniel@yesql.se>
Date: 2025-01-09T20:36:16Z
Lists: pgsql-hackers
On Wed, Jan 8, 2025 at 5:17 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> I think it might be safer if we only accepted it as a connection
> parameter and not via an environment variable.

Making it a connection parameter also keeps us from colliding with any
other linked libraries' use of SSLKEYLOGFILE (I'm thinking about
libcurl at the moment, but I think maybe NSS used it too?).

--Jacob



Commits

  1. Fix sslkeylogfile error handling logging

  2. Mark sslkeylogfile as Debug option

  3. libpq: Add support for dumping SSL key material to file